Bug 75104

Summary: [PATCH] devel/cscope: security fix CAN-2004-0996
Product: Ports & Packages Reporter: Matthias Andree <matthias.andree>
Component: Individual Port(s)Assignee: Pete Fritchman <petef>
Status: Closed FIXED    
Severity: Affects Only Me CC: petef
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
cscope-15.5_1.patch none

Description Matthias Andree 2004-12-15 12:10:27 UTC 
(1) Apply patch (sans version bump) from cscope CVS as files/patch-ac,
http://cvs.sourceforge.net/viewcvs.py/cscope/cscope/src/main.c?r1=1.33&r2=1.34&sortby=date&diff_format=u
to fix CAN-2004-0996 "main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0996
http://www.vuxml.org/freebsd/a7bfd423-484f-11d9-a9e7-0001020eed82.html
http://www.freebsd.org/ports/portaudit/a7bfd423-484f-11d9-a9e7-0001020eed82.html

(2) Bump portrevision.

Added file(s):
- files/patch-ac

Port maintainer (petef@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.63
Comment 1 Pete Fritchman freebsd_committer freebsd_triage 2004-12-15 15:46:07 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->petef

my port.
Comment 2 Pete Fritchman freebsd_committer freebsd_triage 2004-12-15 16:38:02 UTC 
State Changed
From-To: open->closed

Committed, thanks.