Date: Fri, 11 Dec 2009 17:32:12 -0600
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: insecure usage of temporary files in docutils

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Jakub Wilk found an insecure usage of temporary files with predictable names in the emacs mode reStructuredText (rst.el) as shipped by docutils 0.5 and 0.6 that allows a local user to perform a symlink attack to overwrite arbitrary files.

References:
http://docutils.sourceforge.net/
http://bugs.debian.org/560755

Could a CVE be assigned for this issue?

Thanks in advance.

Regards,
- -- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksi1oAACgkQYy49rUbZzlqYugCfRB1FYUUUWgZzyEApDz4qiKQJ
ewsAoJDOy+VkyB+xrtytHa4u5UgAffJJ
=R0mm
-----END PGP SIGNATURE-----
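
The bug class reported above, shown at the file-creation level as an added example. This is not code from docutils or rst.el: it is written in Python rather than Emacs Lisp, and the file names (`rst_el.tmp`, `victim.txt`) are constructed and confined to a private sandbox directory. It contrasts a fixed temporary name with exclusive creation and with `mkstemp`.

```python
import os
import tempfile


def write_predictable(path, data):
    """Vulnerable pattern: a fixed, guessable name; open() follows symlinks."""
    with open(path, "w") as fh:
        fh.write(data)


def write_exclusive(path, data):
    """Hardened: O_EXCL fails if the name already exists, even as a symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def write_unpredictable(directory, data):
    """Preferred: mkstemp picks a random name and creates it exclusively."""
    fd, path = tempfile.mkstemp(prefix="rst-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def demo():
    """Run all three patterns inside a private sandbox (constructed data)."""
    results = {"exclusive_refused": False}
    with tempfile.TemporaryDirectory() as box:
        victim = os.path.join(box, "victim.txt")     # stands in for a user's file
        guessable = os.path.join(box, "rst_el.tmp")  # hypothetical fixed temp name
        with open(victim, "w") as fh:
            fh.write("important")
        os.symlink(victim, guessable)                # link present before the write
        write_predictable(guessable, "scratch")      # lands in victim.txt
        with open(victim) as fh:
            results["victim_after_predictable"] = fh.read()
        try:
            write_exclusive(guessable, "scratch")
        except FileExistsError:
            results["exclusive_refused"] = True      # nothing was written
        path = write_unpredictable(box, "scratch")
        results["mkstemp_is_regular_file"] = os.path.isfile(path) and not os.path.islink(path)
    return results


if __name__ == "__main__":
    print(demo())
```
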