gajim: CVE-2012-2093 insecure temporary file creation in LaTeX support

Related Vulnerabilities: CVE-2012-2093   CVE-2012-2086   CVE-2012-2085  

Debian Bug report logs - #668710

Reported by: Nico Golde <nion@debian.org>

Date: Sat, 14 Apr 2012 05:57:01 UTC

Severity: important

Tags: patch, security

Fixed in versions gajim/0.13.4-3+squeeze2, gajim/0.13.4-3+squeeze3, gajim/0.15-1.1

Done: Luk Claes <luk@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Yann Leboulanger <asterix@lagaule.org>:
Bug#668710; Package gajim. (Sat, 14 Apr 2012 05:57:04 GMT)


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Yann Leboulanger <asterix@lagaule.org>. (Sat, 14 Apr 2012 05:57:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: gajim: CVE-2012-2093 insecure temporary file creation in LaTeX support
Date: Sat, 14 Apr 2012 07:55:47 +0200
Package: gajim
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gajim.

CVE-2012-2093[0]:
It was discovered that gajim is insecurely creating predictable file names 
when converting LaTeX to png images. An attacker can exploit this flaw to 
overwrite files of the user with a symlink attack.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2093
    http://security-tracker.debian.org/tracker/CVE-2012-2093

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Mon, 16 Apr 2012 21:09:14 GMT)


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Mon, 16 Apr 2012 21:09:16 GMT)


Message #10 received at 668710-close@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 668710-close@bugs.debian.org
Subject: Bug#668710: fixed in gajim 0.13.4-3+squeeze2
Date: Mon, 16 Apr 2012 21:04:42 +0000
Source: gajim
Source-Version: 0.13.4-3+squeeze2

We believe that the bug you reported is fixed in the latest version of
gajim, which is due to be installed in the Debian FTP archive:

gajim_0.13.4-3+squeeze2.diff.gz
  to main/g/gajim/gajim_0.13.4-3+squeeze2.diff.gz
gajim_0.13.4-3+squeeze2.dsc
  to main/g/gajim/gajim_0.13.4-3+squeeze2.dsc
gajim_0.13.4-3+squeeze2_amd64.deb
  to main/g/gajim/gajim_0.13.4-3+squeeze2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668710@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated gajim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 15 Apr 2012 20:35:02 +0000
Source: gajim
Binary: gajim
Architecture: source amd64
Version: 0.13.4-3+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Yann Leboulanger <asterix@lagaule.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 gajim      - Jabber client written in PyGTK
Closes: 668038 668710
Changes: 
 gajim (0.13.4-3+squeeze2) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * This update fixes the following security issues:
     - CVE-2012-2086: SQL injections via jids in logging code
     - CVE-2012-2085: assisted code execution via crafted messages due
       to insecurely processing input with popen.
     - CVE-2012-2093: insecure use of temporary files when converting LaTeX
       IM messages to png images.
     (Closes: #668710, #668038)

Information forwarded to debian-bugs-dist@lists.debian.org, Yann Leboulanger <asterix@lagaule.org>:
Bug#668710; Package gajim. (Tue, 17 Apr 2012 07:43:04 GMT)


Acknowledgement sent to Денис Мажар <akkerman.linuxoid@gmail.com>:
Extra info received and forwarded to list. Copy sent to Yann Leboulanger <asterix@lagaule.org>. (Tue, 17 Apr 2012 07:43:05 GMT)


Message #15 received at 668710@bugs.debian.org:

From: Денис Мажар <akkerman.linuxoid@gmail.com>
To: 668710@bugs.debian.org
Subject: Gajim crashes
Date: Tue, 17 Apr 2012 10:41:23 +0300
After this update gajim started crashing while launching:

Traceback (most recent call last):
  File "gajim.py", line 152, in <module>
    from common import gajim
  File "/usr/share/gajim/src/common/gajim.py", line 184, in <module>
    HAVE_LATEX = latex.check_for_latex_support()
  File "/usr/share/gajim/src/common/latex.py", line 92, in check_for_latex_support
    filename = latex_to_image("test")
  File "/usr/share/gajim/src/common/latex.py", line 159, in latex_to_image
    os.rename(tmpfile + '.png', tmppng)
OSError: [Errno 2] No such file or directory




Information forwarded to debian-bugs-dist@lists.debian.org, Yann Leboulanger <asterix@lagaule.org>:
Bug#668710; Package gajim. (Tue, 17 Apr 2012 08:52:02 GMT)


Acknowledgement sent to Yann Leboulanger <yann@leboulanger.org>:
Extra info received and forwarded to list. Copy sent to Yann Leboulanger <asterix@lagaule.org>. (Tue, 17 Apr 2012 08:52:23 GMT)


Message #20 received at 668710@bugs.debian.org:

From: Yann Leboulanger <yann@leboulanger.org>
To: Денис Мажар <akkerman.linuxoid@gmail.com>, 668710@bugs.debian.org
Subject: Re: Bug#668710: Gajim crashes
Date: Tue, 17 Apr 2012 10:48:03 +0200
On 04/17/2012 09:41 AM, Денис Мажар wrote:
> After this update gajim started crashing while launching:
>
> Traceback (most recent call last):
> File "gajim.py", line 152, in <module>
> from common import gajim
> File "/usr/share/gajim/src/common/gajim.py", line 184, in <module>
> HAVE_LATEX = latex.check_for_latex_support()
> File "/usr/share/gajim/src/common/latex.py", line 92, in check_for_latex_support
> filename = latex_to_image("test")
> File "/usr/share/gajim/src/common/latex.py", line 159, in latex_to_image
> os.rename(tmpfile + '.png', tmppng)
> OSError: [Errno 2] No such file or directory
>
>

indeed this command should be in a
if exitcode == 0:

-- 
Yann
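
The two points raised in this thread, as an added example that is not taken from gajim's source or from the Debian patch: exclusive creation refuses a name where a symlink already sits, and the rename runs only after the converter succeeded. The names `create_exclusive`, `render_png` and `demo`, the converter command lines and the convention that the output path is the last argument are all assumptions made for illustration.

```python
import os
import shutil
import subprocess
import sys
import tempfile


def create_exclusive(path):
    """Create `path` only if nothing exists there. O_CREAT|O_EXCL fails with
    EEXIST even for a symlink, so a planted link is never followed."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)


def render_png(converter_argv):
    """Run a converter in a private directory; return the PNG path or None.
    Assumption: the converter takes the output path as its last argument."""
    workdir = tempfile.mkdtemp(prefix="latex-")  # mode 0700, random name
    tmpfile = os.path.join(workdir, "formula")
    try:
        exitcode = subprocess.call(converter_argv + [tmpfile + ".png"])
    except OSError:  # converter binary is not installed
        exitcode = 127
    if exitcode == 0 and os.path.isfile(tmpfile + ".png"):
        final = os.path.join(workdir, "result.png")
        os.rename(tmpfile + ".png", final)  # reached only after success
        return final
    shutil.rmtree(workdir, ignore_errors=True)
    return None


def demo():
    """Constructed scenario: (link_refused, victim_intact, ok, failed, missing)."""
    scratch = tempfile.mkdtemp()
    victim = os.path.join(scratch, "victim.txt")
    with open(victim, "w") as fh:
        fh.write("keep me")
    planted = os.path.join(scratch, "predictable.png")
    os.symlink(victim, planted)  # stands in for a link placed beforehand
    try:
        os.close(create_exclusive(planted))
        link_refused = False
    except FileExistsError:
        link_refused = True
    with open(victim) as fh:
        victim_intact = fh.read() == "keep me"
    writer = "import sys; open(sys.argv[1], 'wb').write(b'png')"
    ok = render_png([sys.executable, "-c", writer])
    failed = render_png([sys.executable, "-c", "import sys; sys.exit(1)"])
    missing = render_png(["/nonexistent/latex-converter"])
    return link_refused, victim_intact, ok, failed, missing


if __name__ == "__main__":
    print(demo())
```

The `failed` and `missing` cases correspond to the crash reported above: with no PNG produced, the function returns `None` instead of raising from `os.rename`.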




Information forwarded to debian-bugs-dist@lists.debian.org, Yann Leboulanger <asterix@lagaule.org>:
Bug#668710; Package gajim. (Thu, 19 Apr 2012 07:06:20 GMT)


Acknowledgement sent to Денис Мажар <akkerman.linuxoid@gmail.com>:
Extra info received and forwarded to list. Copy sent to Yann Leboulanger <asterix@lagaule.org>. (Thu, 19 Apr 2012 07:06:20 GMT)


Message #25 received at 668710@bugs.debian.org:

From: Денис Мажар <akkerman.linuxoid@gmail.com>
To: 668710@bugs.debian.org
Subject: Re: Bug#668710: Gajim crashes
Date: Thu, 19 Apr 2012 10:04:44 +0300
On 17.04.2012 11:48, Yann Leboulanger wrote:
>
> indeed this command should be in a
> if exitcode == 0:
>

Fixed for me in 0.13.4-3+squeeze3




Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Fri, 20 Apr 2012 19:33:11 GMT)


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Fri, 20 Apr 2012 19:33:11 GMT)


Message #30 received at 668710-close@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 668710-close@bugs.debian.org
Subject: Bug#668710: fixed in gajim 0.13.4-3+squeeze3
Date: Fri, 20 Apr 2012 19:32:13 +0000
Source: gajim
Source-Version: 0.13.4-3+squeeze3

We believe that the bug you reported is fixed in the latest version of
gajim, which is due to be installed in the Debian FTP archive:

gajim_0.13.4-3+squeeze3.diff.gz
  to main/g/gajim/gajim_0.13.4-3+squeeze3.diff.gz
gajim_0.13.4-3+squeeze3.dsc
  to main/g/gajim/gajim_0.13.4-3+squeeze3.dsc
gajim_0.13.4-3+squeeze3_amd64.deb
  to main/g/gajim/gajim_0.13.4-3+squeeze3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668710@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated gajim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 17 Apr 2012 16:01:14 +0000
Source: gajim
Binary: gajim
Architecture: source amd64
Version: 0.13.4-3+squeeze3
Distribution: stable-security
Urgency: high
Maintainer: Yann Leboulanger <asterix@lagaule.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 gajim      - Jabber client written in PyGTK
Closes: 668710 669100 669105 669106
Changes: 
 gajim (0.13.4-3+squeeze3) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix regression introduced by last update if latex conversion
     utilities are not installed, check_latex("test") fails.
     (Closes: #668710, #669100, #669105, #669106)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 19 May 2012 07:35:07 GMT)


Bug unarchived. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Sat, 16 Jun 2012 17:24:02 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Yann Leboulanger <asterix@lagaule.org>:
Bug#668710; Package gajim. (Sat, 16 Jun 2012 17:27:10 GMT)


Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Yann Leboulanger <asterix@lagaule.org>. (Sat, 16 Jun 2012 17:27:10 GMT)


Message #39 received at 668710@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 668710@bugs.debian.org
Subject: gajim: diff for NMU version 0.15-1.1
Date: Sat, 16 Jun 2012 19:25:13 +0200
tags 668710 + patch
tags 668710 + pending
thanks

Dear maintainer,

I've prepared an NMU for gajim (versioned as 0.15-1.1) and
uploaded it to DELAYED/02. Please feel free to tell me if I
should delay it longer.

Cheers

Luk
[gajim-0.15-1.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Sat, 16 Jun 2012 17:27:13 GMT)


Added tag(s) pending. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Sat, 16 Jun 2012 17:27:14 GMT)


Reply sent to Luk Claes <luk@debian.org>:
You have taken responsibility. (Mon, 18 Jun 2012 16:51:03 GMT)


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Mon, 18 Jun 2012 16:51:03 GMT)


Message #48 received at 668710-close@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 668710-close@bugs.debian.org
Subject: Bug#668710: fixed in gajim 0.15-1.1
Date: Mon, 18 Jun 2012 16:47:24 +0000
Source: gajim
Source-Version: 0.15-1.1

We believe that the bug you reported is fixed in the latest version of
gajim, which is due to be installed in the Debian FTP archive:

gajim_0.15-1.1.diff.gz
  to main/g/gajim/gajim_0.15-1.1.diff.gz
gajim_0.15-1.1.dsc
  to main/g/gajim/gajim_0.15-1.1.dsc
gajim_0.15-1.1_all.deb
  to main/g/gajim/gajim_0.15-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668710@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated gajim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 16 Jun 2012 18:22:00 +0200
Source: gajim
Binary: gajim
Architecture: source all
Version: 0.15-1.1
Distribution: unstable
Urgency: high
Maintainer: Yann Leboulanger <asterix@lagaule.org>
Changed-By: Luk Claes <luk@debian.org>
Description: 
 gajim      - Jabber client written in PyGTK
Closes: 668710
Changes: 
 gajim (0.15-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2012-2093: insecure use of temporary files when converting LaTeX
     IM messages to png images. Closes: #668710

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 19 Jul 2012 07:26:23 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:51:10 2019; Machine Name: beach
