Date: Mon, 28 Dec 2015 08:18:02 +0100
From: Max Teufel <max@...felsnetz.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: flexlay: Insecure use of temporary files

Hi,

Flexlay, a generic 2D editor, insecurely uses temporary files which have a fixed name. This affects the current development tree (which is the most used version of flexlay) as well as older releases. Reported in flexlay's issue tracker as #65. A CVE has previously been requested from secalert@...hat.com, however, they told me I should use this list as the FIXME comment in the affected code is apparently public enough.

https://github.com/SuperTux/flexlay
https://github.com/SuperTux/flexlay/issues/65
https://github.com/SuperTux/flexlay/blob/21b881b0e6b71897b1a6f164239f1bad17a0c404/supertux/gui.py#L287

Regards,
Max Teufel
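
The message does not quote the affected code, so the following is an added example (not from flexlay or the original post) of the general weakness class it names: a temporary file with a fixed name in a shared directory, next to two hardened ways of creating it. The file name, function names and sandbox layout are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

NAME = "editor-level.tmp"  # constructed fixed name, not flexlay's

def write_fixed_name(tmpdir, data):
    """Weak: predictable path, plain open() follows a planted symlink."""
    with open(Path(tmpdir) / NAME, "w") as f:
        f.write(data)

def write_exclusive(tmpdir, data):
    """Same name, but O_EXCL refuses any pre-existing file or symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    fd = os.open(Path(tmpdir) / NAME, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def write_mkstemp(tmpdir, data):
    """Preferred: random name, created with O_EXCL and mode 0600."""
    fd, path = tempfile.mkstemp(prefix="editor-", suffix=".tmp", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def demo():
    """Run all three writers against a symlink planted in a sandbox dir."""
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:
        shared = Path(sandbox) / "shared-tmp"  # stands in for /tmp
        shared.mkdir()
        victim = Path(sandbox) / "victim.txt"
        victim.write_text("original")
        os.symlink(victim, shared / NAME)  # planted before the editor runs

        write_fixed_name(shared, "level data")
        out["fixed_name_overwrote_victim"] = victim.read_text() == "level data"
        victim.write_text("original")  # reset for the hardened writers
        try:
            write_exclusive(shared, "level data")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        path = write_mkstemp(shared, "level data")
        out["mkstemp_left_victim_intact"] = victim.read_text() == "original"
        out["mkstemp_mode"] = stat.S_IMODE(os.stat(path).st_mode)
    return out

if __name__ == "__main__":
    print(demo())
```

Everything runs inside a private `TemporaryDirectory`, so no real `/tmp` entries are touched.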