GNU bug report logs - #17415
insecure temp file in tramp-uudecode

Previous Next

Package: emacs;

Reported by: Glenn Morris <rgm <at> gnu.org>

Date: Tue, 6 May 2014 04:01:02 UTC

Severity: important

Tags: security

Found in version 24.3.90

Fixed in version 24.4

Done: Michael Albinus <michael.albinus <at> gmx.de>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 17415 in the body.
You can then email your comments to 17415 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to michael.albinus <at> gmx.de, bug-gnu-emacs <at> gnu.org:
bug#17415; Package emacs. (Tue, 06 May 2014 04:01:02 GMT) Full text and rfc822 format available.

Message #3 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: submit <at> debbugs.gnu.org
Subject: insecure temp file in tramp-uudecode
Date: Tue, 06 May 2014 00:00:06 -0400

Package: emacs
Version: 24.3.90
Severity: important
Tags: security

http://bugs.debian.org/747100 points out that tramp-uudecode (now defined
tramp-sh.el) uses a predictable temp-file name.
Reply sent to Michael Albinus <michael.albinus <at> gmx.de>:
You have taken responsibility. (Tue, 06 May 2014 09:54:02 GMT) Full text and rfc822 format available.
Notification sent to Glenn Morris <rgm <at> gnu.org>:
bug acknowledged by developer. (Tue, 06 May 2014 09:54:03 GMT) Full text and rfc822 format available.

Message #8 received at 17415-done <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 17415-done <at> debbugs.gnu.org
Subject: Re: bug#17415: insecure temp file in tramp-uudecode
Date: Tue, 06 May 2014 11:53:03 +0200

Version: 24.4

Glenn Morris <rgm <at> gnu.org> writes:

> http://bugs.debian.org/747100 points out that tramp-uudecode (now defined
> tramp-sh.el) uses a predictable temp-file name.

Indeed. I've fixed this in the emacs-24 branch, closing the bug.

Best regards, Michael.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 03 Jun 2014 11:24:04 GMT) Full text and rfc822 format available.
This bug report was last modified 11 years and 112 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.