Bug 1057544 (CVE-2014-1639)

| Summary: | CVE-2014-1639 syncevolution: insecure temporary file usage in installcheck-local.sh |
|---|---|
| Product: | [Other] Security Response |
| Component: | vulnerability |
| Status: | CLOSED CURRENTRELEASE |
| Severity: | low |
| Priority: | low |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| Reporter: | Martin Prpič <mprpic> |
| Assignee: | Red Hat Product Security <security-response-team> |
| CC: | extras-orphan, jrusnack, mprpic, pbrobinson |
| Keywords: | Security |
| Doc Type: | Bug Fix |
| Last Closed: | 2014-05-05 14:01:35 UTC |
| Bug Depends On: | 1057545 |

Description
Martin Prpič
2014-01-24 10:13:33 UTC

Created syncevolution tracking bugs for this issue:

Affects: fedora-all [bug 1057545]

Can you tell me if this has been fixed in 1.4.x releases?

Hi Peter,

the following entry can be found in the ChangeLog for syncevolution-1.4.tar.gz [1], indicating that this issue has been fixed in the 1.4 release:

------------------------8<------------------------

2014-02-15 Patrick Ohly <patrick.ohly>

* src/syncevo/installcheck-local.sh: autotools: fix temp file vulnerability during compilation (CVE-2014-1639)

------------------------8<------------------------

The syncevolution 1.4 release notes also mention that this issue has been fixed; see [2].

[1] http://downloads.syncevolution.org/syncevolution/sources/syncevolution-1.4.tar.gz

[2] https://syncevolution.org/blogs/pohly/2014/syncevolution-14-released

Brilliant, thanks. F-20 has had 1.4 for a while, I'll push 1.4.1 to both 20/19.

syncevolution-1.4.1-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

syncevolution-1.4.1-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

Fixed in all current Fedora releases so closing