pkgsrc-Bugs archive

pkg/47360: textproc/isearch insecure temporary files

>Number:         47360
>Category:       pkg
>Synopsis:       textproc/isearch insecure temporary files
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Dec 21 10:40:01 +0000 2012
>Originator:     David A. Holland
>Release:        pkgsrc 20121220

The isearch package (textproc/isearch) uses the tempnam() function in
three different places to choose the name of a temporary file it
writes later on into a publicly-writable area (/tmp). Needless to say,
this is insecure.


Observe the linker warnings, search the source.


Update to at least isearch-1.47.01nb1, or take the relevant portions
of these patches:
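The problem described in this report, choosing a name with tempnam() and creating the file in /tmp only later, is avoided by creating the file at the moment the name is chosen. The following is an added example, not taken from the isearch source or from the patches mentioned above; the function names, the scratch directory and the "isearchXXXXXX" template are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replacement for "name = tempnam(...); ... fopen(name, "w")".
 * mkstemp() picks the name and creates the file in one step, using
 * O_CREAT|O_EXCL and mode 0600, so nothing can be placed at the path
 * between choosing it and opening it. tmpl must end in "XXXXXX". */
int open_private_temp(char *tmpl) { return mkstemp(tmpl); }

/* For code that has to keep a caller-chosen name: create it exclusively.
 * O_EXCL makes open() fail with EEXIST if anything, a symlink included,
 * already exists at the path, instead of following or truncating it. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Self-check in a private scratch directory (constructed scenario):
 * a symlink already sits at the name the program chose earlier.
 * Returns 0 when both helpers behave as described above. */
int demo(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    char victim[64], chosen[64], tmpl[64];
    struct stat st;
    int ok = 0, fd;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(chosen, sizeof chosen, "%s/chosen", dir);
    snprintf(tmpl, sizeof tmpl, "%s/isearchXXXXXX", dir);
    fd = create_exclusive(victim);      /* stands in for a file to protect */
    if (fd < 0 || symlink(victim, chosen) != 0) return -1;
    close(fd);

    if (create_exclusive(chosen) == -1 && errno == EEXIST) ok++;
    fd = open_private_temp(tmpl);
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600) ok++;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(chosen); unlink(victim); rmdir(dir);
    return ok == 2 ? 0 : 1;
}

int main(void) { return demo(); }
```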

