Security Information / 2001 / Security Information -- DSA-037-1 Athena Widget replacement libraries

Debian Security Advisory

DSA-037-1 Athena Widget replacement libraries -- insecure tempfile handling

Date Reported:

07 Mar 2001

Affected Packages:

nextaw
xaw3d
xaw95

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

It has been reported that the AsciiSrc and MultiSrc widget in the Athena widget library handle temporary files insecurely. Joey Hess has ported the bugfix from XFree86 to these Xaw replacements libraries. The fixes are available in nextaw 0.5.1-34potato1, xaw3d 1.3-6.9potato1, and xaw95 1.1-4.6potato1.

Fixed in:

Debian 2.2 (potato)

Source:

http://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1-34potato1.diff.gz

http://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1-34potato1.dsc

http://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1.orig.tar.gz

http://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3-6.9potato1.diff.gz

http://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3-6.9potato1.dsc

http://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3.orig.tar.gz

http://security.debian.org/dists/stable/updates/main/source/xaw95_1.1-4.6potato1.diff.gz

http://security.debian.org/dists/stable/updates/main/source/xaw95_1.1-4.6potato1.dsc

http://security.debian.org/dists/stable/updates/main/source/xaw95_1.1.orig.tar.gz

i386:

http://security.debian.org/dists/stable/updates/main/binary-i386/nextaw_0.5.1-34potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/nextawg_0.5.1-34potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/xaw3d_1.3-6.9potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/xaw3dg-dev_1.3-6.9potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/xaw3dg_1.3-6.9potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/xaw95g_1.1-4.6potato1_i386.deb

m68k:

http://security.debian.org/dists/stable/updates/main/binary-m68k/nextaw_0.5.1-34potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/nextawg_0.5.1-34potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3d_1.3-6.9potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3dg-dev_1.3-6.9potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3dg_1.3-6.9potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw95g_1.1-4.6potato1_m68k.deb