oss-sec mailing list archives
Re: Security fixes in m4-1.4.11
From: Josh Bressers <bressers () redhat com>
Date: Fri, 11 Apr 2008 14:19:57 -0400
On Sun, 6 Apr 2008, Patrick J. Volkerding wrote:
Minor security fix: Quote output of mkstemp.
Use CVE-2008-1687
Security fix: avoid arbitrary code execution with 'm4 -F'.
Use CVE-2008-1688
Note - these CVE's will not be live until Monday.
So I took a look at these today, I don't think either is really a security issue. Both issues are certainly bugs, but given each situation, it would be just as easy to get a victim to run something blatantly malicious that doesn't need to leverage obscure flaws in the language.
Has anyone else had a look?
Thanks.
-- JB