Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 28 Dec 2015 08:18:02 +0100
From: Max Teufel <max@...felsnetz.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: flexlay: Insecure use of temporary files

Hi,

Flexlay [1], a generic 2D editor, insecurely uses temporary files which
have a fixed name. This affects the current development tree (which is
the most used version of flexlay) as well as older releases. Reported in
flexlay's issue tracker as #65 [2].

A CVE has previously been requested from secalert@...hat.com, however,
they told me I should use this list as the FIXME comment [3] in the
affected code is apparently public enough.

 [1] https://github.com/SuperTux/flexlay
 [2] https://github.com/SuperTux/flexlay/issues/65
 [3]
https://github.com/SuperTux/flexlay/blob/21b881b0e6b71897b1a6f164239f1bad17a0c404/supertux/gui.py#L287

Regards,
Max Teufel

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ