Date: Sun, 07 Sep 2014 21:03:26 -0600 From: Kurt Seifried <kseifried@...hat.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: Python robotframework - tmp vuln Oh and the reason I'm not assigning CVE's for these is this is a side project on my own time to help push us over CVE10k but I'm too lazy to use my personal email account. =) On 07/09/14 08:49 PM, Kurt Seifried wrote: > This is the first of many, only looking at programs with >5000 downloads > in the last month. > > https://pypi.python.org/pypi/robotframework-pabot/ > > robotframework-pabot-0.8/pabot/result_merger.py > > if __name__ == '__main__': > merge('../tmp/passing.xml', > '../tmp/failing.xml').save('../tmp/merged.xml') > > -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ