Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 27 Dec 2015 11:49:53 -0500 (EST)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, steve@...ve.org.uk, rlb@...aultvalue.org
Subject: Re: CVE Request: Stalin: Insecure use of temporary files

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://bugs.debian.org/808730
> 
> the following code in /usr/lib/stalin/QobiScheme.sc:
> 
>     (system "uname -m >/tmp/QobiScheme.tmp")
>     ...
>     (system "rm -f /tmp/QobiScheme.tmp")

Use CVE-2015-8697.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWgBW/AAoJEL54rhJi8gl5qB4P/0KaDxTWTX6p4UVxVjbnS1+P
GfXxZd+fevCcubF4NhKbOtzXK+D3gzpCpOq6D7y75Zqt0pVo5P4+Oo5KNibfXGq1
J8fQX18pknwuc7cB2Qs2pZBIIvlm9WQ2NLxsjerLM0WWFVmjXT0BX2jsZMTwynem
+Uwlxpv/hCwoIv2Behwd4pQOVk3gF/oa8Hpxd9q5jioHCzibpqIi3mFz2smZRgaN
j+b/nyPY6oX8CMeTB+Q+FJWYMMNBSf/nBOJ1nypXofpJkR3iJyZYQH2DrdkwL8eO
J8V29HADZJcBn0WuYNeGtonAhSi5kCrSTKzkrGR6pHaG4ah3BW0YPyMfjq9lAnhF
i49wP4l3idgDU7y/Y47ZUszHfwULKZj7Kki6e/wlenkhs7CycCe7SkfwDXT243y/
1+6vpVKjnuTGQFQyBwFFaCpvlieetJI3LWIhKNdzapahEDXl9l8Hxlvp1OICRjpn
CglhID7r5eHD2PCE80/o/p0uBi5481chq6rbBRcASPukrx+3wGY40ROVAu05S+kw
YPfX0T+LHOw5Jb0Dh5ffvOeVWNVo0fKNQX2tIzTPI5t1hJOenUBjMCxkcpD8qqNP
MjHfFA1BxMZMyy8DthGp8G221lgw6Jjpwy1WG0kpb7BcCkP5tPOeN4KnyaV8CCW+
dExiCfSeiL+AAI8rzFQQ
=mtan
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.