Date: Sun, 20 Apr 2014 11:17:43 +0200
From: Sylvestre Ledru <>
Subject: Re: Bug#744817: CVE request: insecure temporary file handling in
 clang's scan-build utility

On 19/04/2014 05:29, wrote:
> > Jakub Wilk discovered that clang's scan-build utility insecurely handled
> > temporary files.
> >
> > The GetHTMLRunDir subroutine ...
> > 3) The function doesn't fail if the directory already exists, even if
> > it's owned by another user.
> Use CVE-2014-2893.
I am going to have a look next week. It should be trivial to fix.
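
The failure mode in point 3 of the quoted report, next to a fail-closed alternative. This is an added example, not part of the original thread and not scan-build's code or its eventual fix; it is written in Python rather than scan-build's Perl, assumes a POSIX system, and all function names and the "planted" directory are hypothetical.

```python
import os
import stat
import tempfile


def insecure_run_dir(parent, name):
    # Behaviour described in point 3: an existing directory is silently
    # adopted, whoever created it (a symlink to a directory passes too).
    path = os.path.join(parent, name)
    os.makedirs(path, exist_ok=True)
    return path


def is_private_dir(path, uid):
    # lstat() does not follow symlinks, so a planted link is rejected.
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == uid
            and (stat.S_IMODE(st.st_mode) & 0o077) == 0)


def secure_run_dir(parent, name):
    path = os.path.join(parent, name)
    # mkdir(2) is atomic: it raises FileExistsError if the name is already
    # taken by a directory, file or symlink, so nothing is ever adopted.
    os.mkdir(path, 0o700)
    if not is_private_dir(path, os.geteuid()):
        raise PermissionError(f"{path} is not a private directory")
    return path


def demo():
    # Constructed scenario: "planted" stands in for a directory that another
    # local user created first under a shared, world-writable parent.
    results = {}
    with tempfile.TemporaryDirectory() as parent:
        os.mkdir(os.path.join(parent, "planted"), 0o777)
        results["insecure_adopts"] = os.path.isdir(insecure_run_dir(parent, "planted"))
        try:
            secure_run_dir(parent, "planted")
            results["secure_refuses"] = False
        except FileExistsError:
            results["secure_refuses"] = True
        fresh = secure_run_dir(parent, "fresh")
        results["fresh_private"] = is_private_dir(fresh, os.geteuid())
        results["other_uid_rejected"] = not is_private_dir(fresh, os.geteuid() + 1)
    return results


if __name__ == "__main__":
    print(demo())
```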

