Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 2 Aug 2014 07:34:30 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: XML-DT: Insecure use of temporary
 files

Hi,

On Thu, Jul 31, 2014 at 07:12:28AM +0200, Salvatore Bonaccorso wrote:
> Hi
> 
> Steve Kemp reported to to the Debian BTS in [1] that the XML-DT Perl
> module distribution contains mkdtskel and mkxmltype using insecurely
> temporary files using the pid of the process in the temporary file
> name.
> 
>  [1] https://bugs.debian.org/756566
> 
> Could a CVE be assigned for this issue?

For the record: Ths was fixed in XML-DT 0.65 upstream, see

https://metacpan.org/diff/file?target=AMBS/XML-DT-0.65/&source=AMBS/XML-DT-0.63/

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ