Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 15 Aug 2014 21:19:12 +0100
From: Alberto Simoes <ambs@...l-hackers.net>
To: cve-assign@...re.org, carnil@...ian.org
CC: oss-security@...ts.openwall.com, steve@...ve.org.uk, 
 756566@...s.debian.org, Nuno Carvalho <mestre.smash@...il.com>
Subject: Re: CVE Request: XML-DT: Insecure use of temporary files


Hello all,

This was fixed in XML-DT-0.66 fixing that issue.
It was just released to CPAN.

Thank you
alberto

On 15/08/14, 21:10, cve-assign@...re.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> mkdtskel and mkxmltype using insecurely temporary files using the pid
>> of the process in the temporary file name.
>>
>> /tmp/_xml_$$
>>
>> https://bugs.debian.org/756566
>
> Use CVE-2014-5260.
>
>
>> fixed in XML-DT 0.65 upstream, see
>>
>> https://metacpan.org/diff/file?target=AMBS/XML-DT-0.65/&source=AMBS/XML-DT-0.63/
>
> This actually doesn't seem to be fixed. However, we don't immediately
> see a security problem in version 0.65 (only a usability problem), so
> a second CVE ID isn't assigned at this point.
>
> Specifically, the latest version has:
>
>    https://metacpan.org/source/AMBS/XML-DT-0.65/mkxmltype
>
>    system("head -$lines $fname | xmllint --recover - > $fname");
>
> which looks unintended (maybe $fname will always end up as a
> zero-length file?).
>
> This apparently also affects libxml-dt-perl (0.65-1) from the
> https://packages.debian.org/sid/libxml-dt-perl page.
>
> - --
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (SunOS)
>
> iQEcBAEBAgAGBQJT7mhqAAoJEKllVAevmvmsd6wH/1kq/+SPIZPj73hx7gHdF6Bs
> apbtdF7zITzl+o9sNkiq/PR8a8Hln6ZvqCuyZMinQu9xv1mfanpheSsCw810q5ou
> dP1Bhv+4zN91ukEMKnugYH3xnLn3GXnm0XXDL+mN90I4ev/CKJbKzLoeqHWxy0Ah
> k1YDC1dG5eS9EIT6OhOWAZKX1zYB5SJ8SiyIhomp94Jymtnqd6IKs7kTkinaeoJ6
> AgSEFugTT6pr46rRKf+dkZ+KhsrhTLYVUGVajwYVOSQRPKLaMdIfdAwcM99fhfrX
> k81O1GIO2CPRXslzzdqTTgoqaPjx9TqXQZdCA2CCKrDH1RHIpyPQCNrGAbTOeMk=
> =dNlw
> -----END PGP SIGNATURE-----
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.