Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 08 Oct 2015 18:19:05 +0200
From: Daniel Stender <debian@...ielstender.com>
To: oss-security@...ts.openwall.com
CC: 756432@...s.debian.org, 
 Debian Security Team <team@...urity.debian.org>,
 Salvatore Bonaccorso <carnil@...ian.org>
Subject: CVE request: Gummi

Hello,

I request a CVE for Gummi (LaTeX editor with preview pane) [1], the current
release is 0.6.5.

The program uses predictable filenames for files in /tmp, which produces a race
condition [2].

I'm Debian maintainer for this software.

Please assign a CVE as appropriate.

Thanks,
Daniel Stender

[1] https://github.com/alexandervdm/gummi

[2] https://bugs.debian.org/756432
    gummi: Uses predictable filenames in /tmp based on basename

-- 
4096R/DF5182C8
46CB 1CA8 9EA3 B743 7676 1DB9 15E0 9AF4 DF51 82C8
LPI certified Linux admin (LPI000329859 64mz6f7kt4)
http://www.danielstender.com/blog/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ