By default, Bugzilla does not search the list of RESOLVED bugs.
You can force it to do so by putting the upper-case word ALL in front of your search query, e.g.: ALL tdelibs
We recommend searching for bugs this way, as you may discover that your bug has already been resolved and fixed in a later release.
Bug 2556 - [SECURITY] CVE-2015-7543: arts,tdelibs: Use of mktemp(3) allows attacker to hijack the IPC
Summary: [SECURITY] CVE-2015-7543: arts,tdelibs: Use of mktemp(3) allows attacker to h...
Status: RESOLVED FIXED
Alias: None
Product: TDE
Classification: Unclassified
Component: tdelibs (show other bugs)
Version: R14.1.x [Trinity]
Hardware: All All
: P5 normal
Assignee: Timothy Pearson
URL:
Depends on:
Blocks: R14.0.3
  Show dependency treegraph
 
Reported: 2015-12-07 23:10 CST by Yaakov Selkowitz
Modified: 2016-02-28 19:48 CST (History)
3 users (show)

See Also:
Compiler Version:
TDE Version String:
Application Version:
Application Name:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yaakov Selkowitz 2015-12-07 23:10:47 CST 
Originally noticed for KDE arts and kdelibs 3.x, the relevant code remains unchanged and so also applies to TDE arts and tdelibs:

https://bugzilla.redhat.com/show_bug.cgi?id=1280543
Comment 1 Slávek Banko 2015-12-13 13:56:58 CST 
For arts fixed in GIT hash bbb70b9e (master), 49e5417d (r14.0.x) and efe195c0 (v3.5.13-sru).

Fox tdelibs fixed in GIT hash 56eb4ba3 (master), e94aa50c (r14.0.x) and 85d0c0e8 (v3.5.13-sru).

Thank you for reporting this issue!
Comment 2 Michele Calgaro 2016-02-07 01:16:42 CST 
So can we close the bug? Or is there something more to do?
Comment 3 Slávek Banko 2016-02-07 03:32:53 CST 
(In reply to Michele Calgaro from comment #2)
> So can we close the bug? Or is there something more to do?

Bug report I deliberately left open until the final R14.0.3 will be released.
Comment 4 Slávek Banko 2016-02-28 19:48:42 CST 
R14.0.3 is being released!