oss-sec mailing list archives

predictable /tmp filename in git-extras


From: Helmut Grohne <helmut () subdivi de>
Date: Tue, 22 Jan 2013 09:27:46 +0100

Please assign a CVE identifier for the obvious predictable /tmp filename
used in git-effort[1] and git-changelog[2]. The latter was discovered by
Jonathan Wiltshire after my initial discovery of the former. The issue
is already tracked within Debian[3] and there also is a solution[4].

Thanks

Helmut

[1] https://github.com/visionmedia/git-extras/blob/master/bin/git-effort
[2] https://github.com/visionmedia/git-extras/blob/master/bin/git-changelog
[3] http://bugs.debian.org/698490
[4] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=32;filename=git-extras-1.7.0-1.2-nmu.diff;att=1;bug=698490
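
The bug class named in the message, shown as an added example that is not part of the original post and is not git-extras code: a writer that uses a fixed name in a shared directory beside one that uses mktemp. The file name effort.tmp and all function names are assumptions made for illustration, and the comparison runs inside a private sandbox directory.

```shell
#!/bin/sh
# Added example (constructed): the temp-file pattern, not git-extras source code.

# Weak: fixed name in a shared directory. The redirect opens whatever is
# already at that path, including a file or symlink someone else placed there.
write_predictable() {            # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/effort.tmp"
}

# Hardened: mktemp chooses a random name and creates the file exclusively
# (O_EXCL) with mode 0600, so an existing path is never reused.
write_private() {                # $1 = directory, $2 = data; prints new path
    tmp=$(mktemp "$1/effort.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Run both writers in a private sandbox where effort.tmp was pre-created as a
# symlink to another file, and report which writer altered that file.
compare_writers() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/other-file"
    ln -s "$box/other-file" "$box/effort.tmp"

    write_private "$box" "report" > /dev/null
    private_result=$(cat "$box/other-file")

    write_predictable "$box" "report"
    predictable_result=$(cat "$box/other-file")

    rm -rf "$box"
    printf 'private=%s predictable=%s\n' "$private_result" "$predictable_result"
}
```

A script that adopts the mktemp form should also remove the file on exit, for example with a trap on EXIT.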

