Bug 42210
Summary: | ispell uses mktemp/fopen for tempfiles.
---|---
Product: | [Retired] Red Hat Linux
Reporter: | Jarno Huuskonen <jarno.huuskonen>
Component: | ispell
Assignee: | Trond Eivind Glomsrød <teg>
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | 6.2
Keywords: | Security
Hardware: | i386
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2001-05-30 18:45:11 UTC
Description
Jarno Huuskonen
2001-05-24 20:18:01 UTC
Created attachment 19530
Patch for ispell to use mkstemp/fdopen
ispell 3.1.20-25.52 and 3.1.20-26 have this fix included...

sq.c and unsq.c use gets. OpenBSD has a patch for these (gets->fgets): http://www.openbsd.org/cgi-bin/cvsweb/ports/textproc/ispell/patches/ (They also have a patch for the mktemp that's a little shorter than the one I posted)

I think I'll let the gets stay... is there any risk for doing anything but crashing your own, nonsuid app?

Ispell bugs might matter when it's called from IMP-webmail for example. I haven't checked if the gets are in ispell or in the helper applications (or if they can be exploited at all) probably not a big deal.

Can you take a look at the attached patch? It's a mix of three of OpenBSD's patches

Created attachment 19971
Suggested patch for ispell to use mkstemp and convert some gets...

The patch looks good to me.

Preparing errata with the above patch...

The errata was released yesterday... thanks for your input.
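
The two substitutions discussed in this bug (mktemp/fopen to mkstemp/fdopen, and gets to fgets), shown as an added example; this is not the attached patch, whose contents are not reproduced on this page. The function names `open_temp_stream` and `read_line_bounded`, the template path and the sample input are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* mkstemp(), fdopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Instead of mktemp() + fopen(): mkstemp() chooses the name and creates the
 * file in one step (O_EXCL, mode 0600), so nothing planted at that name in
 * between can be opened. tmpl must end in "XXXXXX" and is rewritten. */
FILE *open_temp_stream(char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "w+");
    if (fp == NULL) {             /* do not leak the descriptor or the file */
        close(fd);
        unlink(tmpl);
    }
    return fp;
}

/* Instead of gets(): fgets() writes at most size bytes. Returns the line
 * length or -1 at EOF; the tail of an over-long line is discarded. */
int read_line_bounded(FILE *in, char *buf, size_t size)
{
    int c;
    if (fgets(buf, (int)size, in) == NULL) return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n')
        buf[--n] = '\0';
    else
        while ((c = getc(in)) != EOF && c != '\n')
            continue;
    return (int)n;
}

int main(void)
{
    char path[] = "/tmp/ispell-demo.XXXXXX";   /* constructed name */
    char line[8];
    FILE *fp = open_temp_stream(path);
    if (fp == NULL) return 1;
    fputs("a-line-longer-than-the-buffer\nok\n", fp);  /* constructed input */
    rewind(fp);
    while (read_line_bounded(fp, line, sizeof line) >= 0)
        puts(line);
    fclose(fp);
    return unlink(path) != 0;
}
```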