Date: Fri, 15 Aug 2014 21:19:12 +0100 From: Alberto Simoes <ambs@...l-hackers.net> To: cve-assign@...re.org, carnil@...ian.org CC: oss-security@...ts.openwall.com, steve@...ve.org.uk, 756566@...s.debian.org, Nuno Carvalho <mestre.smash@...il.com> Subject: Re: CVE Request: XML-DT: Insecure use of temporary files Hello all, This was fixed in XML-DT-0.66 fixing that issue. It was just released to CPAN. Thank you alberto On 15/08/14, 21:10, cve-assign@...re.org wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >> mkdtskel and mkxmltype using insecurely temporary files using the pid >> of the process in the temporary file name. >> >> /tmp/_xml_$$ >> >> https://bugs.debian.org/756566 > > Use CVE-2014-5260. > > >> fixed in XML-DT 0.65 upstream, see >> >> https://metacpan.org/diff/file?target=AMBS/XML-DT-0.65/&source=AMBS/XML-DT-0.63/ > > This actually doesn't seem to be fixed. However, we don't immediately > see a security problem in version 0.65 (only a usability problem), so > a second CVE ID isn't assigned at this point. > > Specifically, the latest version has: > > https://metacpan.org/source/AMBS/XML-DT-0.65/mkxmltype > > system("head -$lines $fname | xmllint --recover - > $fname"); > > which looks unintended (maybe $fname will always end up as a > zero-length file?). > > This apparently also affects libxml-dt-perl (0.65-1) from the > https://packages.debian.org/sid/libxml-dt-perl page. > > - -- > CVE assignment team, MITRE CVE Numbering Authority > M/S M300 > 202 Burlington Road, Bedford, MA 01730 USA > [ PGP key available through http://cve.mitre.org/cve/request_id.html ] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.14 (SunOS) > > iQEcBAEBAgAGBQJT7mhqAAoJEKllVAevmvmsd6wH/1kq/+SPIZPj73hx7gHdF6Bs > apbtdF7zITzl+o9sNkiq/PR8a8Hln6ZvqCuyZMinQu9xv1mfanpheSsCw810q5ou > dP1Bhv+4zN91ukEMKnugYH3xnLn3GXnm0XXDL+mN90I4ev/CKJbKzLoeqHWxy0Ah > k1YDC1dG5eS9EIT6OhOWAZKX1zYB5SJ8SiyIhomp94Jymtnqd6IKs7kTkinaeoJ6 > AgSEFugTT6pr46rRKf+dkZ+KhsrhTLYVUGVajwYVOSQRPKLaMdIfdAwcM99fhfrX > k81O1GIO2CPRXslzzdqTTgoqaPjx9TqXQZdCA2CCKrDH1RHIpyPQCNrGAbTOeMk= > =dNlw > -----END PGP SIGNATURE----- >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ