Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#67048 - [security][guile1.8] CVE-2016-8605
Attached to Project:
Arch Linux
Opened by loqs (loqs) - Friday, 19 June 2020, 17:37 GMT
Last edited by David Runge (dvzrv) - Wednesday, 02 November 2022, 08:37 GMT
Details

Description:
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777.

Additional info:
* guile1.8 1.8.8-7
* https://src.fedoraproject.org/rpms/compat-guile18/blob/master/f/guile-1.8.8-cve-2016-8605.patch
This task depends upon
Closed by David Runge (dvzrv)
Wednesday, 02 November 2022, 08:37 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with guile1.8 1.8.8-9
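
The umask window described in the report, shown next to a form that never changes the umask. This is an added C example, not Guile's code or the referenced patch; the function names and the /tmp path are constructed, and the "other thread" is simulated by a call placed inside the window so the result is deterministic.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

static char other_file[96];  /* path the simulated "other thread" creates */

/* Stand-in for a concurrent thread creating a file with the usual 0666 request. */
static void other_thread_work(void) {
    int fd = open(other_file, O_CREAT | O_WRONLY | O_EXCL, 0666);
    if (fd >= 0) close(fd);
}

/* Pattern from the report: zero the umask to learn it, mkdir, then restore. */
static int mkdir_racy(const char *path) {
    mode_t mask = umask(0);       /* process-wide umask is 0 from here ... */
    other_thread_work();          /* ... so this file ignores the real umask */
    int rc = mkdir(path, 0777 & ~mask);
    umask(mask);                  /* ... until it is restored here */
    return rc;
}

/* Hardened form: never touch the umask; the kernel applies it to 0777. */
static int mkdir_safe(const char *path) {
    other_thread_work();
    return mkdir(path, 0777);
}

/* Permission bits of the other thread's file under umask 077, or -1 on error. */
int leaked_mode(int racy) {
    char dir[48], sub[96];
    struct stat st;
    int mode = -1;
    mode_t saved = umask(077);
    snprintf(dir, sizeof dir, "/tmp/umask-demo-%ld", (long)getpid()); /* constructed path */
    snprintf(other_file, sizeof other_file, "%s/secret", dir);
    snprintf(sub, sizeof sub, "%s/newdir", dir);
    if (mkdir(dir, 0700) == 0) {  /* fails rather than reusing an existing path */
        int rc = racy ? mkdir_racy(sub) : mkdir_safe(sub);
        if (rc == 0 && stat(other_file, &st) == 0) mode = (int)(st.st_mode & 0777);
        unlink(other_file); rmdir(sub); rmdir(dir);
    }
    umask(saved);
    return mode;
}

int main(void) {
    return printf("racy: %04o  safe: %04o\n", (unsigned)leaked_mode(1), (unsigned)leaked_mode(0)) < 0;
}
```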
Please give feedback.