Date: Fri, 30 May 2008 09:08:29 +0200 From: Robert Buchholz <rbu@...too.org> To: oss-security@...ts.openwall.com Subject: Re: CVE id request: uudeview On Tuesday 13 May 2008, Nico Golde wrote: > It makes use of tempnam which is known to be insecure to > generate temporary files. nzbget before 0.3.0 (I tried 0.2.3) ships a copy of the affected code. Nico's patch applies there fine. As for false positives, Convert-UUlib and pan fixed their copies of the code. Robert Download attachment "signature.asc " of type "application/pgp-signature" (836 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ