Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 17 Mar 2014 11:24:57 -0400 (EDT)
From: cve-assign@...re.org
To: steve@...ve.org.uk
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Insecure usage of temporary files in GNU Readline

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>   sprintf (fnbuf, "/var/tmp/rltrace.%ld", getpid());
>   unlink(fnbuf);
>   _rl_tracefp = fopen (fnbuf, "w+");

Use CVE-2014-2524.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTJxJmAAoJEKllVAevmvmstlAIAIi0AcMJbpsK49FJhP6m9qob
ej4X6ASQtA+naA9HyFZBlvZboJYS1WMoMyts69F1yMOMLzxwXCxazZbX/0+gMKj/
sVjmIQeAB6QQJkFESlzdD4j1kG81qfcC4E5rPVse9lzpstP9j9IkpefpfzcGAwg2
wrDO11+9kyzJKD5DVfZWoX+fGhwp0ebzZrRf4jeQ6nHMN5pvYPk36g0Uqo8nDof7
vwu2lNTF9PHNrzt3U+xF2CR4sJsmcrkzuh9XwEtIpEi/za4bL8Too6ITfRcdnbAz
IEn/lORGcUuAQyWdPoTxcMb5Ge/4iCWx0zAlB7j6VGB1NZ4VgkK2tnDd2vh8jBM=
=Cd3q
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.