CVS commit: pkgsrc/audio/cmus

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/audio/cmus
From: Adam Hoka <ahoka%netbsd.org@localhost>
Date: Wed, 17 Dec 2008 23:49:57 +0000 (UTC)

Module Name:    pkgsrc
Committed By:   ahoka
Date:           Wed Dec 17 23:49:57 UTC 2008

Modified Files:
        pkgsrc/audio/cmus: Makefile distinfo
Added Files:
        pkgsrc/audio/cmus/patches: patch-ae

Log Message:
A security issue has been reported in cmus, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

The security issue is caused due to the "cmus-status-display" script using
temporary files in an insecure manner. This can be exploited to
e.g. overwrite arbitrary files via symlink attacks.

This commit fixes this issue.


To generate a diff of this commit:
cvs rdiff -r1.14 -r1.15 pkgsrc/audio/cmus/Makefile
cvs rdiff -r1.4 -r1.5 pkgsrc/audio/cmus/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/audio/cmus/patches/patch-ae

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/www/firefox3
Next by Date: CVS commit: pkgsrc/devel/p5-Tie-File
Previous by Thread: CVS commit: pkgsrc/www/firefox3
Next by Thread: CVS commit: pkgsrc/devel/p5-Tie-File
Indexes:

Home | Main Index | Thread Index | Old Index