Debian
ircii-pana package

CVE-2007-5839: Insecure temporary file creation

Bug #162295 reported by William Grant
258
Affects Status Importance Assigned to Milestone
ircii-pana (Debian)
Fix Released
Unknown
ircii-pana (Ubuntu)
Invalid
Medium
Unassigned
Dapper
Won't Fix
Medium
Unassigned
Edgy
Won't Fix
Medium
Unassigned
Feisty
Won't Fix
Medium
Unassigned
Gutsy
Won't Fix
Medium
Unassigned
Hardy
Invalid
Medium
Unassigned

Bug Description

The e_hostname function (commands.c) uses tmpnam to create a temporary file which is known to be insecure.

CVE References

Revision history for this message
William Grant (wgrant) wrote : Re: [Bug 162295] CVE-2007-5839: Insecure temporary file creation

Yes, LP's web interface sucks.

  affects ubuntu/dapper/ircii-pana
  status confirmed
  importance medium

  affects ubuntu/edgy/ircii-pana
  status confirmed
  importance medium

  affects ubuntu/feisty/ircii-pana
  status confirmed
  importance medium

  affects ubuntu/gutsy/ircii-pana
  status confirmed
  importance medium

  affects ubuntu/hardy/ircii-pana
  status confirmed
  importance medium

Changed in ircii-pana:
importance: Undecided → Medium
importance: Undecided → Medium
importance: Undecided → Medium
importance: Undecided → Medium
importance: Undecided → Medium
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in ircii-pana:
status: Unknown → New
Revision history for this message
William Grant (wgrant) wrote :

No longer in hardy.

Changed in ircii-pana:
status: Confirmed → Invalid
Bug Watch Updater (bug-watch-updater)
Changed in ircii-pana:
status: New → Fix Released
Revision history for this message
Hew (hew) wrote :

Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in ircii-pana:
status: Confirmed → Won't Fix
Revision history for this message
LumpyCustard (orangelumpycustard) wrote :

Please close for Feisty as Won't Fix? This goes for all the other Feisty bugs.

Revision history for this message
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in ircii-pana:
status: Confirmed → Won't Fix
Revision history for this message
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in ircii-pana (Ubuntu Gutsy):
status: Confirmed → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in ircii-pana (Ubuntu Dapper):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.