Date: Fri, 7 Mar 2014 18:39:40 -0800
From: Don Armstrong <>
Cc:, Jakub Wilk <>
Subject: Re: Bug#740670: possible CVE requests: perltidy insecure temporary
 file usage

On Tue, 04 Mar 2014, Murray McAllister wrote:
> Jakub Wilk and Don Armstrong are discussing in
> 1) perltidy
> creating a temporary file with default permissions instead of 0600
> 2) the use of tmpnam().

The following trivial patch fixes this issue by just using File::Temp.
I'm currently preparing an upload which will resolve this issue for
Debian in unstable and testing; I'm not certain if it necessitates a CVE
or security update in stable, but if anyone feels that way, I don't mind
preparing one.

Don Armstrong            

listen, what you do in the privacy
of your neighbour's house while they're away
is your own business
 -- a softer world #511
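
The two points raised in the message above (default permissions, and a name chosen before the file is opened) can be seen side by side in the following added example, which is not the patch from this thread and not perltidy's code. The file names, the `mode_of` helper and the scratch directory are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile tempdir);

# Return the permission bits of a path as a four-digit octal string.
sub mode_of {
    my ($path) = @_;
    my @st = stat($path) or die "stat $path: $!";
    return sprintf '%04o', $st[2] & 07777;
}

umask 0022;                         # a common default umask
my $dir = tempdir(CLEANUP => 1);    # private scratch directory for this demo

# Weak pattern: the name is fixed before the open, and a plain open()
# takes its permissions from the umask. In a shared directory such as
# /tmp, open() with '>' also follows an existing symlink and truncates
# whatever it points to.
my $weak = "$dir/demo.$$.tmp";      # constructed, predictable name
open(my $wfh, '>', $weak) or die "open $weak: $!";
print {$wfh} "constructed sample data\n";
close($wfh) or die "close $weak: $!";

# Hardened pattern: File::Temp picks a random name and creates the file
# in one step with O_CREAT|O_EXCL and mode 0600, so an existing file or
# symlink at that name makes the create fail instead of being reused.
my ($fh, $strong) = tempfile('demoXXXXXXXX', DIR => $dir, UNLINK => 1);
print {$fh} "constructed sample data\n";
close($fh) or die "close $strong: $!";

printf "plain open(): mode %s\n", mode_of($weak);
printf "File::Temp:   mode %s\n", mode_of($strong);
die "temporary file is not 0600\n" unless mode_of($strong) eq '0600';
```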
