Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 2 Aug 2014 07:34:30 +0200
From: Salvatore Bonaccorso <>
Subject: Re: CVE Request: XML-DT: Insecure use of temporary


On Thu, Jul 31, 2014 at 07:12:28AM +0200, Salvatore Bonaccorso wrote:
> Hi
> Steve Kemp reported to to the Debian BTS in [1] that the XML-DT Perl
> module distribution contains mkdtskel and mkxmltype using insecurely
> temporary files using the pid of the process in the temporary file
> name.
>  [1]
> Could a CVE be assigned for this issue?

For the record: Ths was fixed in XML-DT 0.65 upstream, see


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ