Date:  Fri, 11 Dec 2009 17:32:12 -0600
From:  Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject:  CVE request: insecure usage of temporary files in docutils

Hi,

Jakub Wilk found an insecure usage of temporary files with predictable names
in the emacs mode reStructuredText (rst.el) as shipped by docutils 0.5 and
0.6 that allows a local user to perform a symlink attack to overwrite
arbitrary files.

References:
http://docutils.sourceforge.net/
http://bugs.debian.org/560755

Could a CVE be assigned for this issue?

Thanks in advance.

Regards,
- -- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

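The temporary-file weakness reported in the message above, as an added illustration that is not part of the original post and is not code from rst.el or docutils: a write to a fixed, predictable name follows a link that is already in place, while exclusive creation and `mkstemp` do not. All function names, file names and contents are constructed, and everything runs inside a private scratch directory on a POSIX system.

```python
import os
import stat
import tempfile


def naive_write(path, text):
    """Weak pattern: a fixed name opened for writing follows any existing symlink."""
    with open(path, "w") as fh:
        fh.write(text)


def create_exclusive(path):
    """O_CREAT|O_EXCL fails with EEXIST if anything, including a symlink, is at path."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)


def write_private_temp(data, directory):
    """Preferred form: mkstemp picks an unpredictable name and creates it atomically."""
    fd, path = tempfile.mkstemp(prefix="rst-", suffix=".out", dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.txt")   # stands in for a file the user owns
        with open(victim, "w") as fh:
            fh.write("original")
        fixed = os.path.join(scratch, "out.pdf")       # constructed predictable name
        os.symlink(victim, fixed)                      # link already present at that name

        try:
            os.close(create_exclusive(fixed))
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True

        safe = write_private_temp(b"report", scratch)
        st = os.lstat(safe)
        results["safe_is_regular"] = stat.S_ISREG(st.st_mode)
        results["safe_mode"] = stat.S_IMODE(st.st_mode)
        with open(victim) as fh:
            results["victim_after_safe"] = fh.read()

        naive_write(fixed, "report")                   # follows the link
        with open(victim) as fh:
            results["victim_after_naive"] = fh.read()
    return results


if __name__ == "__main__":
    print(demo())
```

In Emacs Lisp the corresponding primitive is `make-temp-file`, which creates the file under a unique name instead of reusing a fixed one.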
