Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE assignment for jinja2
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 10 Jan 2014 22:34:10 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7

dirname = '_jinja2-cache-%d' % os.getuid()

Arun Babu Neelicattu of Red Hat spotted this commit which introduces a
temporary file creation vulnerability. This issue has been assigned
CVE-2014-0012. For information on how to safely create temporary files
please see
http://kurt.seifried.org/2012/03/14/creating-temporary-files-securely/

For Python simply use ?mkstemp? for files and ?mkdtemp? for
directories from the ?tempfile? module.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJS0NfSAAoJEBYNRVNeJnmT9BMQAMg1DOmYdeZc+E4iKDf8DB8Z
pUwmv0fq64L1zkWK6tPi4PcEAh2b37RaVKTW8pU7QAzsDYiQvuPpgFKrAKD/wKJq
S6ySyyILmc8+ZDdamkRTq97i8Cfe/tf5wR/el4Cax+P8sL5qlfAKzfzdoG6PHErk
zlvfv6ESAPDAmh6iC4ckd4+Kkda6xdN1pAJsY3y+TTtE/tnCRJfR5r6QZLsJma8p
ovRZ4zzbn0I+i5/kyReVKKRQSaHF2jMY5Mt12V/vkIFyHovL9MJC7GrSos0VM6C1
V6YtkWjc/GYyIeookaHXRpaJx65BLqPcaQ6EpQ8jcogkfnHT0Eyh9G9EItcfqA9g
2rd7/1H6zpM+ijzq4SVFZAzhXvUmstk6ruUzbP90BPwrD6YEobzRTys/ZsV9Wnek
HCTW2NYh/qXRSvQrwNoKB8rIrvg2YKoz40LBsMF3fsvrWKZ86zBNYsgebXecdc+T
F+fNh7ioBWZnKGpZFCCzarAzrV1OjkSuAmf7cLLITSttJOAZkD1bcn40R2Z6YiRf
fWKgR8Af/SqIq6/8EVk9FEzJ9ni2I/0qaPOzX5927xSV+4vogyYBq4RZhEwqCQjs
+zfpiOUwzDuiQ5aRmMYqJSXK5ww+qO5hNiLyyxfLY/psaP2Y2df5zaRltvMLxCuk
wU92wxHFjUBKS5wBgwlP
=7f5m
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault