Bug 75104 - [PATCH] devel/cscope: security fix CAN-2004-0996
Summary: [PATCH] devel/cscope: security fix CAN-2004-0996
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Pete Fritchman
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-12-15 12:10 UTC by Matthias Andree
Modified: 2004-12-15 16:38 UTC (History)
1 user (show)

See Also:


Attachments
cscope-15.5_1.patch (2.25 KB, patch)
2004-12-15 12:10 UTC, Matthias Andree
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Andree 2004-12-15 12:10:27 UTC
(1) Apply patch (sans version bump) from cscope CVS as files/patch-ac,
http://cvs.sourceforge.net/viewcvs.py/cscope/cscope/src/main.c?r1=1.33&r2=1.34&sortby=date&diff_format=u
to fix CAN-2004-0996 "main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0996
http://www.vuxml.org/freebsd/a7bfd423-484f-11d9-a9e7-0001020eed82.html
http://www.freebsd.org/ports/portaudit/a7bfd423-484f-11d9-a9e7-0001020eed82.html

(2) Bump portrevision.

Added file(s):
- files/patch-ac

Port maintainer (petef@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.63
Comment 1 Pete Fritchman freebsd_committer 2004-12-15 15:46:07 UTC
Responsible Changed
From-To: freebsd-ports-bugs->petef

my port.
Comment 2 Pete Fritchman freebsd_committer 2004-12-15 16:38:02 UTC
State Changed
From-To: open->closed

Committed, thanks.