Date: Thu, 06 Feb 2014 14:59:32 +1100 From: Murray McAllister <mmcallis@...hat.com> To: oss-security@...ts.openwall.com CC: 737778@...s.debian.org Subject: CVE request: f2py insecure temporary file use Hello, Jakub Wilk reported insecure temporary file use in f2py. From <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778>: "" numpy/f2py/__init__.py contains this code: from numpy.distutils.exec_command import exec_command import tempfile if source_fn is None: fname = os.path.join(tempfile.mktemp()+'.f') else: fname = source_fn f = open(fname,'w') "" Can a CVE please be assigned if one hasn't been already? References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778 https://bugzilla.redhat.com/show_bug.cgi?id=1062009 Thanks, -- Murray McAllister / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ