oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: gri < 2.12.18 insecure temp file generation

From: Henri Salo <henri () nerv fi>
Date: Thu, 28 Jul 2011 15:41:54 +0300
On Thu, Mar 03, 2011 at 03:38:32PM -0500, Josh Bressers wrote:

----- Original Message -----

Can I get CVE-identifier for this vulnerability? It's old one :)

Software gri is vulnerable to insecure temp file generation.

References:
http://gri.sourceforge.net/gridoc/html/Version_2_12.html
http://security-tracker.debian.org/tracker/TEMP-0000000-6359AF (please
note that this URL is not meant for public use as it is temporary)



Steve,

Can MITRE take this. It needs a 2008 ID. It appears the commit for this fix
is here:
https://github.com/dankelley/gri/commit/ddd3ce40b77214f870f3c8f8e495411e01c0f90e

Thanks.

-- 
    JB


This is still unhandled. What is the status?

Best regards,
Henri Salo
Previous By Date Next
Previous By Thread Next

Current thread: