Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

libdata-uuid-perl: CVE-2013-4184: symlink attacks vulnerability

Related Vulnerabilities: CVE-2013-4184   cve-2013-4184  

Source

Debian Bug report logs - #718949
libdata-uuid-perl: CVE-2013-4184: symlink attacks vulnerability

version graph

Package: libdata-uuid-perl; Maintainer for libdata-uuid-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Source for libdata-uuid-perl is src:libdata-uuid-perl (PTS, buildd, popcon).

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 7 Aug 2013 06:06:01 UTC

Severity: important

Tags: help, patch, security, upstream

Merged with 718950

Found in version libdata-uuid-perl/1.219-1

Forwarded to https://github.com/rjbs/Data-UUID/issues/5

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#718949; Package libdata-uuid-perl. (Wed, 07 Aug 2013 06:06:06 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Wed, 07 Aug 2013 06:06:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libdata-uuid-perl: CVE-2013-4184: symlink attacks vulnerability
Date: Wed, 07 Aug 2013 08:02:50 +0200
Package: libdata-uuid-perl
Version: 1.219-1
Severity: important
Tags: security upstream

Hi

CVE-2013-4184 was assigned to a symlink attack vulnerability for
Data::UUID. See 

 http://marc.info/?l=oss-security&m=137525838315067&w=2

and

 https://github.com/rjbs/Data-UUID/issues/5

Regards,
Salvatore

Merged 718949 718950 Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 07 Aug 2013 06:12:12 GMT) (full text, mbox, link).

Merged 718949 718950 Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 07 Aug 2013 06:12:17 GMT) (full text, mbox, link).

Set Bug forwarded-to-address to 'https://github.com/rjbs/Data-UUID/issues/5'. Request was from Damyan Ivanov <dmn@debian.org> to control@bugs.debian.org. (Fri, 03 Nov 2017 11:45:04 GMT) (full text, mbox, link).

Added tag(s) help. Request was from Damyan Ivanov <dmn@debian.org> to control@bugs.debian.org. (Fri, 03 Nov 2017 12:00:03 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#718949; Package libdata-uuid-perl. (Fri, 03 Nov 2017 13:36:03 GMT) (full text, mbox, link).

Message #16 received at 718949@bugs.debian.org (full text, mbox, reply):

From: Damyan Ivanov <dmn@debian.org>
To: 718949@bugs.debian.org
Subject: #718949 -- libdata-uuid-perl: CVE-2013-4184: symlink attacks vulnerability
Date: Fri, 3 Nov 2017 13:32:01 +0000
[Message part 1 (text/plain, inline)]
Control: tag -1 patch

I have a (rather crude) patch that removes save/retrieval of 
state/node info to files. The test suite seems to pass.

Not sure whether we shall seek to remove libdata-uuid-perl instead.
There are libuuid-perl and  libossp-uuid-perl which seem like suitable 
replacement.

DAK check shows three affected packages:

# Broken Depends:
libcatmandu-perl: libcatmandu-perl
libkiokudb-perl: libkiokudb-perl
zoneminder: zoneminder [amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x]

# Broken Build-Depends:
libcatmandu-perl: libdata-uuid-perl
libkiokudb-perl: libdata-uuid-perl


Cheers,
    dam

[cve-2013-4184.patch (text/x-diff, attachment)]

Added tag(s) patch. Request was from Damyan Ivanov <dmn@debian.org> to 718949-submit@bugs.debian.org. (Fri, 03 Nov 2017 13:36:03 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:19:03 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started