oss-sec mailing list archives

Re: [notification] CVE-2013-6888: uscan: remote code execution


From: cve-assign () mitre org
Date: Wed, 12 Feb 2014 11:16:03 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

untarring files to a direct subdirectory of /tmp (at least without
--keep-old-files) is a vulnerability, although admittedly with very
low severity. If the tarball contained a "." file, then tar would
change permissions of the destination directory

Use CVE-2013-7325.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----
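The "." entry behaviour described in the message, as an added example that is not part of the original post and is not uscan's code or its fix: it lists archive members that resolve to the extraction directory itself, then unpacks into a fresh private directory without applying that entry. The function names and the sample tarball are constructed for illustration.

```python
import io
import os
import stat
import tarfile
import tempfile

def build_sample_tar() -> bytes:
    """Constructed sample: archive whose first member is '.' with mode 0777."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        root = tarfile.TarInfo(".")
        root.type, root.mode = tarfile.DIRTYPE, 0o777
        tar.addfile(root)
        data = b"hello\n"
        readme = tarfile.TarInfo("./pkg/README")
        readme.size, readme.mode = len(data), 0o644
        tar.addfile(readme, io.BytesIO(data))
    return buf.getvalue()

def root_entries(tar_bytes: bytes) -> list:
    """(name, mode) of members that resolve to the extraction directory itself."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [(os.path.normpath(m.name), m.mode) for m in tar
                if os.path.normpath(m.name) == "."]

def extract_private(tar_bytes: bytes) -> str:
    """Unpack regular files into a fresh 0700 directory; archive metadata for
    '.' is never applied to it. Hypothetical helper, not the uscan fix."""
    dest = tempfile.mkdtemp(prefix="unpack-")  # unpredictable name, mode 0700
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar:
            rel = os.path.normpath(m.name)
            if (rel == "." or os.path.isabs(rel)
                    or rel.split(os.sep)[0] == ".." or not m.isreg()):
                continue  # root entry, escaping path, or non-regular member
            target = os.path.join(dest, rel)
            os.makedirs(os.path.dirname(target), mode=0o700, exist_ok=True)
            with tar.extractfile(m) as src, open(target, "wb") as out:
                out.write(src.read())
    return dest

if __name__ == "__main__":
    sample = build_sample_tar()
    print("root entries:", [(n, oct(mode)) for n, mode in root_entries(sample)])
    dest = extract_private(sample)
    print(dest, oct(stat.S_IMODE(os.stat(dest).st_mode)))
```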

