FS#67048 - [security][guile1.8] CVE-2016-8605
Attached to Project:
Arch Linux
Opened by loqs (loqs) - Friday, 19 June 2020, 17:37 GMT
Last edited by David Runge (dvzrv) - Wednesday, 02 November 2022, 08:37 GMT
Opened by loqs (loqs) - Friday, 19 June 2020, 17:37 GMT
Last edited by David Runge (dvzrv) - Wednesday, 02 November 2022, 08:37 GMT
|
Details
Description:
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. Additional info: * guile1.8 1.8.8-7 * https://src.fedoraproject.org/rpms/compat-guile18/blob/master/f/guile-1.8.8-cve-2016-8605.patch |
This task depends upon
Closed by David Runge (dvzrv)
Wednesday, 02 November 2022, 08:37 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with guile1.8 1.8.8-9
Wednesday, 02 November 2022, 08:37 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with guile1.8 1.8.8-9
Please give feedback.