Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 16 Jun 2014 23:00:21 +0200
From: Sylvestre Ledru <>
Subject: Re: Bug#744817: CVE request: insecure temporary file handling in
 clang's scan-build utility

On 16/06/2014 22:51, Sylvestre Ledru wrote:
> On 19/04/2014 05:29, wrote:
>>> Jakub Wilk discovered that clang's scan-build utility insecurely handled
>>> temporary files.
>>> The GetHTMLRunDir subroutine ...
>>> 3) The function doesn't fail if the directory already exists, even if
>>> it's owned by another user.
>> Use CVE-2014-2893.
> I think I fixed it upstream:
Actual patch fixed:
Sorry about the noise


Download attachment "signature.asc" of type "application/pgp-signature" (881 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ