From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Mon, 9 Oct 2017 18:53:29 +0100
Subject: reinit the tree, so we can have metadata

---
 metadata/glsa/glsa-200411-13.xml | 82 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 metadata/glsa/glsa-200411-13.xml

(limited to 'metadata/glsa/glsa-200411-13.xml')

diff --git a/metadata/glsa/glsa-200411-13.xml b/metadata/glsa/glsa-200411-13.xml
new file mode 100644
index 000000000000..ba3644e00f4f
--- /dev/null
+++ b/metadata/glsa/glsa-200411-13.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200411-13">
+  <title>Portage, Gentoolkit: Temporary file vulnerabilities</title>
+  <synopsis>
+    dispatch-conf (included in Portage) and qpkg (included in Gentoolkit) are
+    vulnerable to symlink attacks, potentially allowing a local user to
+    overwrite arbitrary files with the rights of the user running the script.
+  </synopsis>
+  <product type="ebuild">portage gentoolkit</product>
+  <announced>2004-11-07</announced>
+  <revised>2006-05-22: 02</revised>
+  <bug>68846</bug>
+  <bug>69147</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/portage" auto="yes" arch="*">
+      <unaffected range="ge">2.0.51-r3</unaffected>
+      <vulnerable range="le">2.0.51-r2</vulnerable>
+    </package>
+    <package name="app-portage/gentoolkit" auto="yes" arch="*">
+      <unaffected range="ge">0.2.0_pre10-r1</unaffected>
+      <unaffected range="rge">0.2.0_pre8-r1</unaffected>
+      <vulnerable range="le">0.2.0_pre10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Portage is Gentoo's package management tool. The dispatch-conf utility
+    allows for easy rollback of configuration file changes and automatic
+    updates of configurations files never modified by users. Gentoolkit is
+    a collection of Gentoo specific administration scripts, one of which is
+    the portage querying tool qpkg.
+    </p>
+  </background>
+  <description>
+    <p>
+    dispatch-conf and qpkg use predictable filenames for temporary files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    A local attacker could create symbolic links in the temporary files
+    directory, pointing to a valid file somewhere on the filesystem. When
+    an affected script is called, this would result in the file to be
+    overwritten with the rights of the user running the dispatch-conf or
+    qpkg, which could be the root user.
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Portage users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=sys-apps/portage-2.0.51-r3"</code>
+    <p>
+    All Gentoolkit users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge --sync
+    # emerge --ask --oneshot --verbose "&gt;=app-portage/gentoolkit-0.2.0_pre8-r1"</code>
+  </resolution>
+  <references>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1107">CVE-2004-1107</uri>
+    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1108">CVE-2004-1108</uri>
+  </references>
+  <metadata tag="requester" timestamp="2004-11-02T14:02:06Z">
+    koon
+  </metadata>
+  <metadata tag="submitter" timestamp="2004-11-02T17:41:31Z">
+    jaervosz
+  </metadata>
+  <metadata tag="bugReady" timestamp="2004-11-07T11:16:08Z">
+    jaervosz
+  </metadata>
+</glsa>
-- 
cgit v1.2.3