oss-sec mailing list archives
Re: predictable /tmp filename in git-extras
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 23 Jan 2013 02:35:55 -0700
On 01/22/2013 01:27 AM, Helmut Grohne wrote:
Please assign a CVE identifier for the obvious predictable /tmp filename used in git-effort[1] and git-changelog[2]. The latter was discovered by Jonathan Wiltshire after my initial discovery of the former. The issue is already tracked within Debian[3] and there also is a solution[4].

Thanks

Helmut

[1] https://github.com/visionmedia/git-extras/blob/master/bin/git-effort
[2] https://github.com/visionmedia/git-extras/blob/master/bin/git-changelog
[3] http://bugs.debian.org/698490
[4] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=32;filename=git-extras-1.7.0-1.2-nmu.diff;att=1;bug=698490

Please use CVE-2012-6114 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
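
The kind of change that addresses a predictable /tmp filename in a shell script, as an added example that is not part of this thread or of the git-extras code: a fixed-name write next to an mktemp-based one. All file and function names are constructed placeholders, and a private sandbox directory stands in for /tmp.

```shell
#!/bin/sh
# Constructed example; the file names below are placeholders, not the ones
# used by git-effort or git-changelog.

# Weak pattern: fixed name in a shared directory. The shell opens it with
# O_CREAT|O_TRUNC and follows a symlink that is already there.
write_fixed_name() {
    printf '%s\n' "$2" > "$1/.report-tmp"
}

# Hardened pattern: mktemp chooses a random name and creates the file
# exclusively (O_EXCL) with mode 0600, so an existing entry is never reused.
write_mktemp() {
    tmp=$(mktemp "$1/report.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Runs both patterns in a private sandbox that stands in for /tmp and
# prints "<other-file-after-weak> <other-file-after-hardened> <mode>".
demo() {
    sandbox=$(mktemp -d) || return 1
    other="$sandbox/other-users-file"
    mkdir "$sandbox/shared"
    ln -s "$other" "$sandbox/shared/.report-tmp"   # entry exists before the script runs

    printf 'untouched\n' > "$other"
    write_fixed_name "$sandbox/shared" "overwritten"
    weak=$(cat "$other")

    printf 'untouched\n' > "$other"
    created=$(write_mktemp "$sandbox/shared" "overwritten") || return 1
    safe=$(cat "$other")
    mode=$(ls -l "$created" | cut -c1-10)

    rm -rf "$sandbox"
    printf '%s %s %s\n' "$weak" "$safe" "$mode"
}

demo
```

On Linux, the `fs.protected_symlinks` sysctl limits symlink following in sticky world-writable directories, but it is a mitigation and does not replace creating the file with `mktemp`.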