Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 09 Sep 2014 00:50:07 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
        Assign a CVE Identifier <cve-assign@...re.org>
Subject: vos tmp vuln

https://pypi.python.org/pypi/vos

filed at https://github.com/canfar/vos/issues/42

vos-1.10.4/vos/md5_cache.py

import sqlite3, logging
READBUF = 8192

class MD5_Cache:

    def __init__(self, cache_db="/tmp/#vos_cached.db#"):
        """Setup the sqlDB that will contain the cache table"""
        self.cache_db = cache_db

        ## initialize the md5Cache db
        sqlConn = sqlite3.connect(self.cache_db)
        with sqlConn:
            sqlConn.execute("create table if not exists md5_cache (fname
text PRIMARY KEY NOT NULL , md5 text, st_size int, st_mtime int)")
        ## build cache lookup if doesn't already exists


-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.