oss-sec mailing list archives
predictable /tmp filename in git-extras
From: Helmut Grohne <helmut () subdivi de>
Date: Tue, 22 Jan 2013 09:27:46 +0100
Please assign a CVE identifier for the obvious predictable /tmp filename used in git-effort[1] and git-changelog[2]. The latter was discovered by Jonathan Wiltshire after my initial discovery of the former. The issue is already tracked within Debian[3] and there also is a solution[4]. Thanks Helmut [1] https://github.com/visionmedia/git-extras/blob/master/bin/git-effort [2] https://github.com/visionmedia/git-extras/blob/master/bin/git-changelog [3] http://bugs.debian.org/698490 [4] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=32;filename=git-extras-1.7.0-1.2-nmu.diff;att=1;bug=698490
Current thread:
- predictable /tmp filename in git-extras Helmut Grohne (Jan 22)
- Re: predictable /tmp filename in git-extras Kurt Seifried (Jan 23)