Date: Thu, 06 Feb 2014 14:59:32 +1100
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
CC: 737778@...s.debian.org
Subject: CVE request: f2py insecure temporary file use

Hello,

Jakub Wilk reported insecure temporary file use in f2py. From 
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778>:

""
numpy/f2py/__init__.py contains this code:

      from numpy.distutils.exec_command import exec_command
      import tempfile
      if source_fn is None:
          fname = os.path.join(tempfile.mktemp()+'.f')
      else:
          fname = source_fn

      f = open(fname,'w')
""

Can a CVE please be assigned if one hasn't been already?

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
https://bugzilla.redhat.com/show_bug.cgi?id=1062009

Thanks,

--
Murray McAllister / Red Hat Security Response Team
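
An added example, not part of the original post and not numpy's own fix: one way to write the quoted logic without tempfile.mktemp(), using tempfile.mkstemp(), which creates the file itself with O_CREAT|O_EXCL and mode 0600 so no window exists between choosing the name and opening it. The function names and the sample path "tmpabc123.f" are assumptions made for illustration.

```python
import os
import stat
import tempfile

def write_fortran_source(source, source_fn=None):
    """Hypothetical helper mirroring the quoted f2py logic; returns the path written."""
    if source_fn is None:
        # mkstemp picks the name AND creates the file atomically (O_EXCL, 0600),
        # unlike mktemp(), which only returns a name that may be taken before open().
        fd, fname = tempfile.mkstemp(suffix=".f")
        f = os.fdopen(fd, "w")
    else:
        fname = source_fn
        f = open(fname, "w")
    with f:
        f.write(source)
    return fname

def is_private_regular_file(path):
    """Check the result is a regular file (not a symlink), mode 0600, owned by us."""
    st = os.lstat(path)
    return (stat.S_ISREG(st.st_mode)
            and stat.S_IMODE(st.st_mode) == 0o600
            and st.st_uid == os.getuid())

def exclusive_create_refuses_symlink():
    """Show that an O_EXCL create fails on a name that already exists as a symlink."""
    with tempfile.TemporaryDirectory() as d:        # private sandbox, constructed
        target = os.path.join(d, "target.txt")
        with open(target, "w") as t:
            t.write("keep me")
        taken = os.path.join(d, "tmpabc123.f")      # constructed stand-in for a mktemp() name
        os.symlink(target, taken)
        try:
            fd = os.open(taken, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            refused = True
        else:
            os.close(fd)
            refused = False
        with open(target) as t:
            return refused and t.read() == "keep me"

if __name__ == "__main__":
    path = write_fortran_source("      end\n")
    print(path, is_private_regular_file(path), exclusive_create_refuses_symlink())
    os.unlink(path)
```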
