oss-sec mailing list archives
CVE assignment for jinja2
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 10 Jan 2014 22:34:10 -0700
https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7

dirname = '_jinja2-cache-%d' % os.getuid()

Arun Babu Neelicattu of Red Hat spotted this commit which introduces a temporary file creation vulnerability. This issue has been assigned CVE-2014-0012.

For information on how to safely create temporary files please see

http://kurt.seifried.org/2012/03/14/creating-temporary-files-securely/

For Python simply use "mkstemp" for files and "mkdtemp" for directories from the "tempfile" module.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
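Added example, not part of the original message or of jinja2's code: the quoted line yields a directory name that any local user can compute from the uid, so the block below shows the recommended mkdtemp call and, for the case where the name must stay stable across runs, a check that refuses a pre-existing entry the caller does not exclusively own. The helper names fresh_private_dir and stable_private_dir are hypothetical, and the code assumes a POSIX system with the base directory being sticky-bit protected (as /tmp normally is).

```python
import os
import stat
import tempfile


def fresh_private_dir(prefix="_jinja2-cache-"):
    """Throwaway directory: mkdtemp picks an unpredictable name, mode 0700."""
    return tempfile.mkdtemp(prefix=prefix)


def stable_private_dir(base, name):
    """Reusable per-user directory under `base`, rejected unless it is ours.

    Hypothetical helper for a cache whose name must stay predictable,
    where mkdtemp alone does not fit.
    """
    path = os.path.join(base, name)
    try:
        os.mkdir(path, stat.S_IRWXU)   # atomic: fails if any entry exists
    except FileExistsError:
        pass                           # something was already there: vet it
    st = os.lstat(path)                # lstat so a symlink is not followed
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("%s is not a real directory" % path)
    if st.st_uid != os.getuid():
        raise RuntimeError("%s is owned by uid %d" % (path, st.st_uid))
    mode = stat.S_IMODE(st.st_mode)
    if mode != stat.S_IRWXU:
        raise RuntimeError("%s has mode %o, expected 700" % (path, mode))
    return path


if __name__ == "__main__":
    base = tempfile.mkdtemp()          # constructed stand-in for /tmp
    name = "_jinja2-cache-%d" % os.getuid()
    print(stable_private_dir(base, name))
    print(fresh_private_dir())
```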