Bug 936 – Temporary file vulnerability in renderer.c

Bug 936 - Temporary file vulnerability in renderer.c

Summary:

Temporary file vulnerability in renderer.c

Status:	RESOLVED FIXED

Product:	OpenPrinting
Classification:	Unclassified
Component:	foomatic-filters
Version:	unspecified
Platform:	All All

Importance:	P2 major
Assigned To:	Till Kamppeter

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2011-08-18 08:47 UTC by Tim Waugh
Modified:	2011-08-18 12:31 UTC (History)
CC List:	0 users

See Also:

Attachments
foomatic-filters-CVE-2011-2924.patch (1.38 KB, patch) 2011-08-18 08:47 UTC, Tim Waugh	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Waugh 2011-08-18 08:47:48 UTC

Created attachment 351 [details]
foomatic-filters-CVE-2011-2924.patch

Writing debug file output in debugging mode is performed insecurely (CVE-2011-2924).

Comment 1 Till Kamppeter 2011-08-18 12:31:44 UTC

Fixed in the BZR repositories, rev 256 of trunk and rev 242 of 4.0.x.

Tim, thank you very much for the patch.

Note that I have added a little change. The file to capture the renderer input was reset before starting the rendering. This resetting I have removed as the capture file has a different name on every run of foomatic-rip now.