Subject: CVS commit: [pkgsrc-2005Q4] pkgsrc/graphics/tuxpaint
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 03/11/2006 03:48:05
Module Name: pkgsrc
Committed By: snj
Date: Sat Mar 11 03:48:05 UTC 2006
Modified Files:
pkgsrc/graphics/tuxpaint [pkgsrc-2005Q4]: Makefile distinfo
Added Files:
pkgsrc/graphics/tuxpaint/patches [pkgsrc-2005Q4]: patch-ac
Log Message:
Pullup ticket 1203 - requested by Joerg Sonnenberger
security fix for tuxpaint
Revisions pulled up:
- pkgsrc/graphics/tuxpaint/Makefile 1.35
- pkgsrc/graphics/tuxpaint/distinfo 1.18
- pkgsrc/graphics/tuxpaint/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Jan 17 22:48:57 UTC 2006
Modified Files:
pkgsrc/graphics/tuxpaint: Makefile distinfo
Added Files:
pkgsrc/graphics/tuxpaint/patches: patch-ac
Log Message:
Add a patch via Debian to address:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340
"The vulnerability is caused due to temporary files being created insecurely
in the "/tmp" directory by the tuxpaint-import.sh script. This can be
exploited via symlink attacks to create or overwrite arbitrary files with
the privileges of the user running the affected script."
Bump to nb6.
To generate a diff of this commit:
cvs rdiff -r1.33 -r1.33.2.1 pkgsrc/graphics/tuxpaint/Makefile
cvs rdiff -r1.16 -r1.16.8.1 pkgsrc/graphics/tuxpaint/distinfo
cvs rdiff -r0 -r1.1.2.1 pkgsrc/graphics/tuxpaint/patches/patch-ac
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
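
The advisory text quoted in the log message attributes the issue to temporary files created insecurely in "/tmp". The shell example below is added here for illustration; it is not the Debian patch or code from tuxpaint-import.sh. It contrasts a predictable temp-file name with `mktemp` inside a private sandbox directory, and every function and file name in it is hypothetical.

```shell
#!/bin/sh
# Constructed demo of the bug class; not code from tuxpaint-import.sh.

# Weak: predictable name (PID-based) opened with '>', which follows symlinks.
write_predictable() {
    tmp="$1/import.$$.tmp"
    printf '%s\n' "$2" > "$tmp"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so an existing file or symlink is never reused.
write_mktemp() {
    tmp=$(mktemp "$1/import.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Build a private sandbox standing in for /tmp, pre-plant a symlink at the
# predictable name, run one writer, and report what happened to the file the
# symlink points at. Prints "overwritten" or "intact".
demo() {
    writer=$1
    sandbox=$(mktemp -d) || return 1
    target="$sandbox/victim.txt"
    printf 'original\n' > "$target"
    mkdir "$sandbox/tmp"
    ln -s "$target" "$sandbox/tmp/import.$$.tmp"
    "$writer" "$sandbox/tmp" "scratch data" > /dev/null
    if [ "$(cat "$target")" = "original" ]; then
        echo intact
    else
        echo overwritten
    fi
    rm -rf "$sandbox"
}

demo write_predictable
demo write_mktemp
```

When auditing other scripts for the same pattern, look for redirections into shared directories whose file names are built from `$$`, a date, or a fixed string.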