Date: Fri, 04 Nov 2011 10:18:16 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: John Lightsey <john@...nuts.net>
Subject: Re: CVE request: unsafe use of /tmp in multiple CPAN modules

On 11/04/2011 08:46 AM, John Lightsey wrote:
> These were reported to the upstream authors a while back. None of these
> bugs are fixed in the currently available versions:
>
>
> PAR::Packer - PAR packed files are extracted to unsafe and predictable
> temporary directories
>
> https://rt.cpan.org/Public/Bug/Display.html?id=69560

Please use CVE-2011-4114 for this issue

> Parallel::ForkManager - Insecure /tmp file handling
>
> https://rt.cpan.org/Public/Bug/Display.html?id=68298
>

Please use CVE-2011-4115 for this issue

> File::Temp - _is_safe() allows unsafe traversal of symlinks
>
> https://rt.cpan.org/Public/Bug/Display.html?id=69106
>

Please use CVE-2011-4116 for this issue

> Batch::BatchRun - Unsafe /tmp file usage
>
> https://rt.cpan.org/Public/Bug/Display.html?id=69594
>

Please use CVE-2011-4117 for this issue

--
-Kurt Seifried / Red Hat Security Response Team