List: oss-security
Subject: [oss-security] CVE request: flexlay: Insecure use of temporary files
From: Max Teufel <max () teufelsnetz ! com>
Date: 2015-12-28 7:18:02
Message-ID: 5680E22A.4070505 () teufelsnetz ! com
Hi,
Flexlay [1], a generic 2D editor, insecurely uses temporary files which
have a fixed name. This affects the current development tree (which is
the most used version of flexlay) as well as older releases. Reported in
flexlay's issue tracker as #65 [2].
A CVE has previously been requested from secalert@redhat.com, however,
they told me I should use this list as the FIXME comment [3] in the
affected code is apparently public enough.
[1] https://github.com/SuperTux/flexlay
[2] https://github.com/SuperTux/flexlay/issues/65
[3] https://github.com/SuperTux/flexlay/blob/21b881b0e6b71897b1a6f164239f1bad17a0c404/supertux/gui.py#L287
Regards,
Max Teufel
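
An added illustration of the bug class named in the report above (not part of the original message and not code from flexlay): a fixed-name temporary file written with plain open(), beside two hardened forms. The file name, the function names and the sandbox layout are assumptions made for this example.

```python
import os
import stat
import tempfile

FIXED_NAME = "editor-level.tmp"  # hypothetical fixed name, not taken from flexlay

def write_fixed_name(directory, data):
    """Insecure pattern: predictable path opened with plain open()."""
    path = os.path.join(directory, FIXED_NAME)
    with open(path, "w") as fh:  # follows an existing symlink and truncates its target
        fh.write(data)
    return path

def write_exclusive(directory, data):
    """Same name, but O_EXCL refuses any pre-existing entry, symlinks included."""
    path = os.path.join(directory, FIXED_NAME)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def write_unpredictable(directory, data):
    """Preferred: mkstemp picks a random name, creates it O_EXCL with mode 0600."""
    fd, path = tempfile.mkstemp(prefix="editor-", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    """Run all three writers in a private sandbox where the fixed name is already a symlink."""
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:
        other = os.path.join(sandbox, "unrelated.txt")  # constructed stand-in for a user's file
        with open(other, "w") as fh:
            fh.write("original")
        os.symlink(other, os.path.join(sandbox, FIXED_NAME))
        write_fixed_name(sandbox, "level data")
        with open(other) as fh:
            out["plain_open_clobbered_target"] = fh.read() == "level data"
        try:
            write_exclusive(sandbox, "level data")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        path = write_unpredictable(sandbox, "level data")
        out["random_name"] = os.path.basename(path) != FIXED_NAME
        out["mode"] = stat.S_IMODE(os.stat(path).st_mode)
    return out
```

Where the file does not need to outlive the process, tempfile.TemporaryDirectory() or tempfile.NamedTemporaryFile() gives the same guarantees with automatic cleanup.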