
List:       oss-security
Subject:    Re: [oss-security] predictable /tmp filename in git-extras
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-01-23 9:35:55
Message-ID: 50FFAEFB.7040402 () redhat ! com

On 01/22/2013 01:27 AM, Helmut Grohne wrote:
> Please assign a CVE identifier for the obvious predictable /tmp
> filename used in git-effort[1] and git-changelog[2]. The latter was
> discovered by Jonathan Wiltshire after my initial discovery of the
> former. The issue is already tracked within Debian[3] and there
> also is a solution[4].
> 
> Thanks
> 
> Helmut
> 
> [1] https://github.com/visionmedia/git-extras/blob/master/bin/git-effort
> [2] https://github.com/visionmedia/git-extras/blob/master/bin/git-changelog
> [3] http://bugs.debian.org/698490
> [4] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=32;filename=git-extras-1.7.0-1.2-nmu.diff;att=1;bug=698490

Please use CVE-2012-6114 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
