Date: Tue, 22 Jan 2013 09:27:46 +0100 From: Helmut Grohne <helmut@...divi.de> To: oss-security@...ts.openwall.com Subject: predictable /tmp filename in git-extras Please assign a CVE identifier for the obvious predictable /tmp filename used in git-effort and git-changelog. The latter was discovered by Jonathan Wiltshire after my initial discovery of the former. The issue is already tracked within Debian and there also is a solution. Thanks Helmut  https://github.com/visionmedia/git-extras/blob/master/bin/git-effort  https://github.com/visionmedia/git-extras/blob/master/bin/git-changelog  http://bugs.debian.org/698490  http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=32;filename=git-extras-1.7.0-1.2-nmu.diff;att=1;bug=698490
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.