oss-sec mailing list archives
CVE request: insecure usage of temporary files in docutils
From: Raphael Geissert <geissert () debian org>
Date: Fri, 11 Dec 2009 17:32:12 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Jakub Wilk found an insecure usage of temporary files with predictable names in the emacs mode reStructuredText (rst.el) as shipped by docutils 0.5 and 0.6 that allows a local user to perform a symlink attack to overwrite arbitrary files. References: http://docutils.sourceforge.net/ http://bugs.debian.org/560755 Could a CVE be assigned for this issue? Thanks in advance. Regards, - -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAksi1oAACgkQYy49rUbZzlqYugCfRB1FYUUUWgZzyEApDz4qiKQJ ewsAoJDOy+VkyB+xrtytHa4u5UgAffJJ =R0mm -----END PGP SIGNATURE-----
Current thread:
- CVE request: insecure usage of temporary files in docutils Raphael Geissert (Dec 11)