Re: pkg/31570: additional: fix for security issue with bacula =< 1.37.39

To: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: Re: pkg/31570: additional: fix for security issue with bacula =< 1.37.39
From: Geert Hendrickx <ghen%telenet.be@localhost>
Date: Thu, 13 Oct 2005 09:00:04 +0000 (UTC)

The following reply was made to PR pkg/31570; it has been noted by GNATS.

From: Geert Hendrickx <ghen%telenet.be@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: wiz%netbsd.org@localhost
Subject: Re: pkg/31570: additional: fix for security issue with bacula =< 
1.37.39
Date: Thu, 13 Oct 2005 10:59:45 +0200

 This security vulnerability: http://www.zataz.net/adviso/bacula-09192005.txt
 has been fixed in the latest 1.37.x release of bacula.  Since this is their
 -beta branch, and we decided to stay on the stable (1.36.x) branch (amongst
 other changes, 1.37.x seems to use an incompatible database format), I have
 taken the security-relevant part of the diffs on the trunk and applied them
 to 1.36.3.  The resulting patch is to be included as patches/patch-ah: 
 
 ===>
 $NetBSD$
 
 --- autoconf/randpass.orig     2002-11-09 16:55:22.000000000 +0100
 +++ autoconf/randpass
 @@ -8,7 +8,14 @@ if test "x$1" = "x" ; then
  else
     PWL=$1
  fi 
 -tmp=/tmp/p.tmp.$$    
 +tmp=`mktemp randpass.XXXXXXXXXX`
 +if test x$tmp = x; then
 +   tmp=/tmp/p.tmp.$$    
 +   if test -f $tmp; then
 +      echo "Temp file security problem on: $tmp"
 +      exit 1
 +   fi
 +fi
  cp autoconf/randpass.bc $tmp
  ps | sum | tr -d ':[:alpha:] ' | sed 's/^/k=/' >>$tmp
  date | tr -d ':[:alpha:] ' | sed 's/^/k=k*/' >>$tmp
 <===
 
 --- distinfo.orig      2005-10-13 10:53:40.000000000 +0200
 +++ distinfo           2005-10-13 10:53:41.000000000 +0200
 @@ -8,3 +8,4 @@
  SHA1 (patch-ae) = ad4b7d5cb83f021235c11504a034def897fffcac
  SHA1 (patch-af) = 926e74b83a09f4620672ffb8419d9ea22983d231
  SHA1 (patch-ag) = d955ad9fb3772471580518c6528c898263333521
 +SHA1 (patch-ah) = 40ef8d3719e8ad2ba5c24de8d5661b3bfbbb5806
 
 (this diff is to be applied after my earlier update to 1.36.3 with the
 latest patches/patch-ag)
 
 For unambigious versioning (with and without the vulnerability), I propose
 we immediatly bump the PKGREVISION to 1 and do: 
 
 --- pkg-vulnerabilities.orig   2005-10-13 10:56:50.000000000 +0200
 +++ pkg-vulnerabilities                2005-10-13 10:57:09.000000000 +0200
 @@ -1458,7 +1458,7 @@
  nss_ldap<240          information-disclosure          
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
  opera<8.50            cross-site-scripting            
http://secunia.com/advisories/16645/
  opera<8.50            file-spoofing                   
http://secunia.com/advisories/16645/
 -bacula<1.37.39                insecure-temp-files             
http://secunia.com/advisories/16866/
 +bacula<1.36.3nb1      insecure-temp-files             
http://secunia.com/advisories/16866/
  firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.7    remote-command-execution        
http://www.frsirt.com/english/advisories/2005/1794
  ruby16-base<1.6.8nb2  access-validation-bypass        
http://jvn.jp/jp/JVN%2362914675/index.html
  ruby18-base<1.8.2nb4  access-validation-bypass        
http://jvn.jp/jp/JVN%2362914675/index.html
 
        Geert

Prev by Date: Re: pkg/31556
Next by Date: Re: pkg/31556
Previous by Thread: pkg/31574: databases/postgres80-client fails to link on Mac OS X
Next by Thread: Re: pkg/31570: additional: fix for security issue with bacula =< 1.37.39
Indexes:

Home | Main Index | Thread Index | Old Index