Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 19 Apr 2012 09:21:44 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Matthias Weckbecker <mweckbecker@...e.de>
Subject: Re: CVE request: latex2man / texlive

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/19/2012 07:20 AM, Matthias Weckbecker wrote:
> Hi Kurt, Steve, vendors,
> 
> recently there has been an issue reported by Helmut Grohne in
> latex2man. It seems to be different from what we had the other day
> (CVE-2012-2093 [1]). Bug report of the new issue is available at:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668779
> 
> Does this qualify for a CVE?

Sigh. And this is why people using bash should use mktemp(), all other
languages you probably want to use mkstemp().

Please use CVE-2012-2120 for this issue.

> Thanks, Matthias
> 
> [1] http://seclists.org/oss-sec/2012/q2/56


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPkC2HAAoJEBYNRVNeJnmT+bsP/iEFU3TXvzZyyQaP5Jrck7Yi
rCshcwpEnhoqCMvVvFpJdc5BfDVVcPGg92TG3V2TQdBqiB0l0CfndX+Q6IIAJLTo
hsX0fgg5rd6m6ftzDKtkQ4lGlvP3Vu32CdtJET8PInmNQ/9pVvsPvit3zYRCaBen
osffDlB9AbKYHbdGNeMBlYMOgjbtwNhzv+on48bjVW2VzXYFpX2yLkO8B964u022
iunDz0zCaRcAnOV1MvU9+v2mEvdb8gsGkFGvBYxKuXmv7APYYeJNr0qQS4PgxJwI
ePf0vxjfEbNIyHmMJ57zQrDZ2EqQKySqwvqJDgSKFn49NxYzP05/qiExujKSB86r
wws4y/xyIkkIFhFmRGNRR3i7c2vW8Zg/hvqLjZygrhkl1QLR+ZhYDIlKDYAV25Bh
RjShj9n5gCsd+kHdpqO7lq0u+4itZV8ff67NRk+VbulQ1OV5QShvMdh0MEGScbxm
HmQXObfZsSvtPyiYq+F1fiTO5DgiW6bhHNF7x7OZKDAlZZTfcEL5lu9vo4ocnRxP
Czm4qWxdn1PIXyN8x33vTsn0zt/CbxwvZ8KoO53hsq7N/iOz5RxFnwd1MafUDIze
HFQlplE7GPJxX9kL7Ax9Qs8FnSzmWifZZvwwIqUsHm0GqZ77tk85yZQ66DxDR4QI
l3lmFq7tUJUA+CzRAjip
=UDOO
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ