oss-sec mailing list archives

Re: CVE Request: XML-DT: Insecure use of temporary files


From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 2 Aug 2014 07:34:30 +0200

Hi,

On Thu, Jul 31, 2014 at 07:12:28AM +0200, Salvatore Bonaccorso wrote:
> Hi
>
> Steve Kemp reported to the Debian BTS in [1] that the XML-DT Perl
> module distribution contains mkdtskel and mkxmltype, which insecurely
> use temporary files, using the pid of the process in the temporary
> file name.
>
>  [1] https://bugs.debian.org/756566
>
> Could a CVE be assigned for this issue?

For the record: This was fixed in XML-DT 0.65 upstream, see

https://metacpan.org/diff/file?target=AMBS/XML-DT-0.65/&source=AMBS/XML-DT-0.63/

Regards,
Salvatore
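
Added example, not part of the original message and not code from XML-DT: a small audit pass that flags Perl source lines building a temporary file path from the process id, the pattern reported above. The sample Perl lines are constructed for illustration, the function and pattern names are hypothetical, and the check is a heuristic meant to point a reviewer at lines to read. File::Temp's tempfile() is treated as the safe alternative because it picks an unpredictable name and creates the file exclusively.

```python
import re

# Perl spells the process id as $$ or ${$}, or as $PID / $PROCESS_ID under "use English".
# The lookahead skips dereferences such as $$ref and $${...}, which are not the pid.
PID_VAR = re.compile(r'\$\$(?![\w{])|\$\{\$\}|\$(?:PROCESS_ID|PID)\b')
# A temp location: a /tmp or /var/tmp path, or the TMPDIR environment variable.
TMP_HINT = re.compile(r'/tmp\b|\bTMPDIR\b')
# File::Temp entry points; lines that create the file this way are not reported.
SAFE_CALL = re.compile(r'\b(?:tempfile|tempdir|mkstemp|mkdtemp)\s*\(|File::Temp\s*->\s*new')


def find_pid_tempfiles(source):
    """Return (line_no, code) for lines that name a temp file after the pid."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.split('#', 1)[0].rstrip()  # crude comment strip, fine for triage
        if SAFE_CALL.search(code):
            continue
        if PID_VAR.search(code) and TMP_HINT.search(code):
            hits.append((no, code))
    return hits


# Constructed sample input (not taken from mkdtskel or mkxmltype).
SAMPLE = '''my $tmp = "/tmp/_skel_$$";              # pid-derived, predictable name
open(my $fh, ">", $tmp) or die "open: $!";
my ($fh2, $name) = tempfile("skelXXXXXX", DIR => "/tmp", UNLINK => 1);
my $val = $$ref{tmp};                   # dereference, not the pid
system("sort data > $ENV{TMPDIR}/sort.$PID");
'''

if __name__ == "__main__":
    for no, code in find_pid_tempfiles(SAMPLE):
        print(f"line {no}: {code}")
```

Each reported line is a candidate for replacement with a File::Temp call; a path assembled across several statements will not be caught by this line-based check.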

