Date: Fri, 12 Sep 2014 11:55:56 +0200
From: Helmut Grohne <>
Subject: Re: CVE request: /tmp file vulnerability in ace

On Thu, Sep 11, 2014 at 03:33:17AM -0400, wrote:
> Use CVE-2014-6311.


> > An interesting find is bin/g++-dep line 63:
> > > TMP=/tmp/g++dep$$
> > This path is also used for writing.
> As far as we can tell, there is no bin/g++-dep in the
> upstream distribution. The bin/g++-dep
> issue, if confirmed, would not be within the scope of CVE-2014-6311.

I point out that said bin/g++-dep file can be found within

Nevertheless, this is not a CVE request, because it is not clear to me
in what ways this file is intended for user consumption (if at all). The
issue covered by CVE-2014-6311, on the other hand, can be reproduced by
executing Debian's dpkg-buildpackage or following upstream's
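
The pattern quoted above from bin/g++-dep, `TMP=/tmp/g++dep$$`, as an added example that is not part of the original message or of the ACE code: a check that flags PID-derived /tmp names in scripts, and a `mktemp`-based replacement. The function names and the sample script are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Pattern under discussion:
#   TMP=/tmp/g++dep$$   # name derivable from the PID, then written to

# find_pid_tmp_names FILE...: print file:line:text for every line that builds
# a /tmp path from the shell PID ($$). /dev/null forces the file-name prefix.
find_pid_tmp_names() {
    grep -nE '/tmp/[^[:space:]]*\$\$' /dev/null "$@"
}

# make_private_tmp: hardened replacement. mktemp creates the file itself,
# exclusively and with mode 0600, under a random suffix, and prints the path.
make_private_tmp() {
    mktemp "${TMPDIR:-/tmp}/g++dep.XXXXXXXXXX"
}

# demo: run both helpers against a constructed sample script.
demo() {
    work=$(mktemp -d "${TMPDIR:-/tmp}/tmpaudit.XXXXXXXXXX") || return 1
    # Constructed sample input; only the TMP= line mirrors the quoted one.
    cat > "$work/sample.sh" <<'EOF'
#!/bin/sh
# constructed sample
TMP=/tmp/g++dep$$
echo data > "$TMP"
EOF
    find_pid_tmp_names "$work/sample.sh"
    tmp=$(make_private_tmp) || { rm -rf "$work"; return 1; }
    ls -ld "$tmp"
    rm -rf "$work" "$tmp"
}

demo
```

A script that adopts `make_private_tmp` should also remove the file on exit, for example with a `trap` on `EXIT`.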

