oss-sec mailing list archives
CVE request: unsafe use of /tmp in multiple CPAN modules
From: John Lightsey <john () nixnuts net>
Date: Fri, 04 Nov 2011 09:46:45 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 These were reported to the upstream authors a while back. None of these bugs are fixed in the currently available versions: PAR::Packer - PAR packed files are extracted to unsafe and predictable temporary directories https://rt.cpan.org/Public/Bug/Display.html?id=69560 Parallel::ForkManager - Insecure /tmp file handling https://rt.cpan.org/Public/Bug/Display.html?id=68298 File::Temp - _is_safe() allows unsafe traversal of symlinks https://rt.cpan.org/Public/Bug/Display.html?id=69106 Batch::BatchRun - Unsafe /tmp file usage https://rt.cpan.org/Public/Bug/Display.html?id=69594 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOs/rHAAoJEORPgBbTYw+JY8kP/RTQuY2il0nMIRnG2D1OrBpu vHA9uyeOx5QuEliatgWaaAFrlXCi7gSkMdq91JxCK2QM8feJ2EGqOBhbrX9CShsb jpVO5xvo9mUVe70yBpplu3y0S5qPaNw3BjN6baiVlN04sl/rrhFeGigfkJo7erPH RSBaTTUyNTHjwEjyl8WFgpl8kJDyeQoHDGEZhb106l6uAsNCscF+6thxUoEZUMo8 8ljxylnobzvzL2TNhhTuTX5NtFH5TjvKGm/NeuSH2avCrY+S4dM9MZtAI+ofp1Z6 3DuTSUpjA4hJDK43KqWGEpxvEpVjwd5jo887uYvfzLev9YTz3fc78H+rb0ishkH3 mdsmq42n8WGdoFMduZpDWzxdYi5mBCDipgd95PuQAT6+ya7/hSZRZ4KvgInP6Bcv bLCyqtMFm+z3KaufFKK6M3wafR+DCvsBM/8MT+EyQJgrClPBLFJ2J3d0N4u6qZCc vNYMrj4L6Vxfm7VoEe6gSwKKaRxvPdboXlxS6ubK6E9LLNcWewObm6foFIddXotD RtCSnROZrWubG73RFTKrjqrHIaK4ktO/x6bCdQyA3ziBIQOM9xUvTHkJeDtuIe+W RcwZVAtM4U8wmVVlkqBgEde2ipBKITEUPXLbLyQ7MrAeiuRBLT6wsfTqPh+EJ5ga r7V7cmFNq/btoySXFcI8 =WTKm -----END PGP SIGNATURE-----
Current thread:
- CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules Kurt Seifried (Nov 04)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 04)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 05)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 05)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)