[ubuntu/hardy-security] open-iscsi 2.0.865-1ubuntu3.5 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Thu Oct 20 21:03:34 UTC 2011
open-iscsi (2.0.865-1ubuntu3.5) hardy-security; urgency=low
* SECURITY UPDATE: temporary file vulnerability (LP: #408915)
- utils/iscsi_discovery: use mktemp to store iscsiadm -m discovery result
rather than writing it to an insecurely-created temporary file. Move
cleanup sooner so we don't leave files around if nothing is discovered.
- CVE-2009-1297
Date: Thu, 20 Oct 2011 14:23:00 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/open-iscsi/2.0.865-1ubuntu3.5
-------------- next part --------------
Format: 1.7
Date: Thu, 20 Oct 2011 14:23:00 -0500
Source: open-iscsi
Binary: open-iscsi open-iscsi-udeb
Architecture: source
Version: 2.0.865-1ubuntu3.5
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
open-iscsi - High performance, transport independent iSCSI implementation
open-iscsi-udeb - Configure iSCSI
Launchpad-Bugs-Fixed: 408915
Changes:
open-iscsi (2.0.865-1ubuntu3.5) hardy-security; urgency=low
.
* SECURITY UPDATE: temporary file vulnerability (LP: #408915)
- utils/iscsi_discovery: use mktemp to store iscsiadm -m discovery result
rather than writing it to an insecurely-created temporary file. Move
cleanup sooner so we don't leave files around if nothing is discovered.
- CVE-2009-1297
Files:
eb586ab890d2803c3be5a71e22cccb75 1343 net optional open-iscsi_2.0.865-1ubuntu3.5.dsc
d6fb0208b0538da99c52ce0dcbd3356d 8171 net optional open-iscsi_2.0.865-1ubuntu3.5.diff.gz
Original-Maintainer: Philipp Hug <debian at hug.cx>
More information about the Hardy-changes
mailing list