Subject: CVS commit: pkgsrc/net/socat
From: Leonardo Taccari
Date: 2025-01-19 18:46:10
Message id: 20250119174610.5AF2CFBDD@cvs.NetBSD.org
Log Message:
socat: Update to 1.8.0.2

Changes:
1.8.0.2
Security:
Socat security advisory 9
CVE-2024-54661: Arbitrary file overwrite
Socat 1.6.0.0 through 1.8.0.1 and version 2 distributions contain a
wrapper script "readline.sh" that uses a predictable temporary
directory, allowing unprivileged users to overwrite arbitrary files
belonging to the scripts caller.
This is fixed in Version 1.8.0.2
Mitigating factors: readline.sh is usually neither installed in a bin
directory nor is it documented. Major Linux distributions install it in
examples/ or doc/; however it is invoked by test.sh script.
Thanks to Wolfgang Frisch from SuSE for finding and reporting this
issue.
Files:
RevisionActionfile
1.56modifypkgsrc/net/socat/Makefile
1.39modifypkgsrc/net/socat/distinfo