oss-sec mailing list archives

Re: CVE# request: pigz creates temp file with insecure permissions


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 15 Feb 2013 12:33:33 -0700

On 02/15/2013 06:43 AM, Matthias Weckbecker wrote:
> On Friday 15 February 2013 09:33:30 Michael Tokarev wrote:
>> I think this one well deserves a CVE#.  I just submitted the
>> following bug #700608 to Debian BTS:
>>
>
> Not sure if this qualifies for a CVE. At least similar issues did
> not get one in the past.
>
>> Thanks!
>>
>> /mjt
>
> Thanks, Matthias


From the last discussion of this:

http://www.openwall.com/lists/oss-security/2012/09/24/4
http://www.openwall.com/lists/oss-security/2012/09/24/8
http://www.openwall.com/lists/oss-security/2012/09/24/9
http://www.openwall.com/lists/oss-security/2012/09/26/6

Basically I pointed out we need to define what information
MUST/SHOULD/SHOULD NOT/MUST NOT be marked as sensitive/etc so we can
apply appropriate file permissions and the discussion died.

So no CVE for this. Set your umask to be safe for now (and probably
forever =).

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
