Date: Sat, 2 Aug 2014 07:34:30 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: XML-DT: Insecure use of temporary files Hi, On Thu, Jul 31, 2014 at 07:12:28AM +0200, Salvatore Bonaccorso wrote: > Hi > > Steve Kemp reported to to the Debian BTS in  that the XML-DT Perl > module distribution contains mkdtskel and mkxmltype using insecurely > temporary files using the pid of the process in the temporary file > name. > >  https://bugs.debian.org/756566 > > Could a CVE be assigned for this issue? For the record: Ths was fixed in XML-DT 0.65 upstream, see https://metacpan.org/diff/file?target=AMBS/XML-DT-0.65/&source=AMBS/XML-DT-0.63/ Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ