[policyd-weight] [CVE-2008-1569, CVE-2008-1570] insecure temporary files

Bug #210150 reported by disabled.user on 2008-04-01
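Affects: Edgy Backports. Importance: Undecided. Assigned to: Unassigned.
Affects: policyd-weight (Gentoo Linux). Status: Fix Released. Importance: Low.
Affects: policyd-weight (Ubuntu). Importance: Undecided. Assigned to: William Grant.
Affects: Feisty. Importance: Undecided. Assigned to: Unassigned.
Affects: Gutsy. Importance: Undecided. Assigned to: Unassigned.
Affects: Hardy. Importance: Undecided. Assigned to: William Grant.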

Bug Description

Binary package hint: policyd-weight

References:
DSA-1531-2 (http://www.debian.org/security/2008/dsa-1531)

Quoting:
"Chris Howells discovered that policyd-weight, a policy daemon for the Postfix mail transport agent, created its socket in an insecure way, which may be exploited to overwrite or remove arbitrary files from the local system."

William Grant (wgrant) on 2008-04-06
Changed in policyd-weight:
assignee: nobody → fujitsu
status: New → In Progress
status: New → Confirmed
status: New → Confirmed
Changed in edgy-backports:
status: New → Confirmed
Changed in policyd-weight:
status: Unknown → Confirmed
William Grant (wgrant) wrote :

Fixed in 0.1.14.17-1 in Hardy.

Changed in policyd-weight:
status: In Progress → Fix Released
Changed in policyd-weight:
status: Confirmed → Fix Released

status invalid

Changed in edgy-backports:
status: Confirmed → Invalid
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in policyd-weight:
status: Confirmed → Won't Fix
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in policyd-weight (Ubuntu Gutsy):
status: Confirmed → Won't Fix
Changed in policyd-weight (Gentoo Linux):
importance: Unknown → Low
This report contains Public Security information
Everyone can see this security related information.
