'Re: [oss-security] CVE request: gri < 2.12.18 insecure temp file'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: gri < 2.12.18 insecure temp file
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2011-07-28 15:18:40
Message-ID: Pine.GSO.4.64.1107281118250.20828 () faron ! mitre ! org
[Download RAW message or body]


Use CVE-2008-7291

- Steve


On Thu, 28 Jul 2011, Henri Salo wrote:

> On Thu, Mar 03, 2011 at 03:38:32PM -0500, Josh Bressers wrote:
>> ----- Original Message -----
>>> Can I get CVE-identifier for this vulnerability? It's old one :)
>>>
>>> Software gri is vulnerable to insecure temp file generation.
>>>
>>> References:
>>> http://gri.sourceforge.net/gridoc/html/Version_2_12.html
>>> http://security-tracker.debian.org/tracker/TEMP-0000000-6359AF (please
>>> note that this URL is not meant for public use as it is temporary)
>>>
>>
>> Steve,
>>
>> Can MITRE take this. It needs a 2008 ID. It appears the commit for this fix
>> is here:
>> https://github.com/dankelley/gri/commit/ddd3ce40b77214f870f3c8f8e495411e01c0f90e
>>
>> Thanks.
>>
>> --
>>     JB
>
> This is still unhandled. What is the status?
>
> Best regards,
> Henri Salo
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic