[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE request: insecure usage of temporary files in docutils
From: Raphael Geissert <geissert () debian ! org>
Date: 2009-12-11 23:32:12
Message-ID: hfukps$iqt$1 () ger ! gmane ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Jakub Wilk found an insecure usage of temporary files with predictable names
in the emacs mode reStructuredText (rst.el) as shipped by docutils 0.5 and
0.6 that allows a local user to perform a symlink attack to overwrite
arbitrary files.
References:
http://docutils.sourceforge.net/
http://bugs.debian.org/560755
Could a CVE be assigned for this issue?
Thanks in advance.
Regards,
- --
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksi1oAACgkQYy49rUbZzlqYugCfRB1FYUUUWgZzyEApDz4qiKQJ
ewsAoJDOy+VkyB+xrtytHa4u5UgAffJJ
=R0mm
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic