Ubuntu
gnucash package

tmp file overwrites

Bug #86906 reported by Kees Cook on 2007-02-22

6

Affects		Status	Importance	Assigned to	Milestone
	gnucash (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: gnucash

Temp file overwrite vulnerability, fixed in 2.0.5.

CVE References

2007-0007

Revision history for this message

magilus (magilus) wrote on 2007-03-03:

#1

Easiest way to fix that is to sync a UVF exception for 2.0.5 from Debian.

Changed in gnucash:
assignee:	nobody → pirast
status:	Unconfirmed → Confirmed

Revision history for this message

magilus (magilus) wrote on 2007-03-03:

#2

diffstat of the upstream tarballs Edit (23.0 KiB, text/plain)

Revision history for this message

magilus (magilus) wrote on 2007-03-03:

#3

diff of the Upstream ChangeLog Edit (12.8 KiB, text/plain)

Revision history for this message

magilus (magilus) wrote on 2007-03-04:

#4

Compiling of 2.0.5 fails for me although I applied the Ubuntu changes. I'd be happy if anyone else could fix this bug.

Changed in gnucash:
assignee:	pirast → nobody

Revision history for this message

andi5 (andi5) wrote on 2007-04-30:

#5

gnucash 2.0.5-1ubuntu1 has been uploaded.

Changed in gnucash:
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.