Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Dec 2012 11:31:43 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: team@...urity.debian.org
Subject: Inkscape reads .eps files from /tmp instead of the current
 directory

Hi

Going trough some bugreports in Debian I noticed [1], [2] I haven't
found a CVE for "Inkscape reads .eps files from /tmp instead of the
current directory".

If one has file foo.eps in current directory, and /tmp/foo.eps is
present

 $ inkscape foo.eps

opens the copy in /tmp/foo.eps

Does this warrants a CVE? If so could you assign one?

 [1]: http://bugs.debian.org/654341
 [2]: https://bugs.launchpad.net/inkscape/+bug/911146

Regards,
Salvatore

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ