oss-sec mailing list archives

Re: predictable /tmp filename in git-extras


From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 23 Jan 2013 02:35:55 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/22/2013 01:27 AM, Helmut Grohne wrote:
> Please assign a CVE identifier for the obvious predictable /tmp
> filename used in git-effort[1] and git-changelog[2]. The latter was
> discovered by Jonathan Wiltshire after my initial discovery of the
> former. The issue is already tracked within Debian[3] and there
> also is a solution[4].
>
> Thanks
>
> Helmut
>
> [1] https://github.com/visionmedia/git-extras/blob/master/bin/git-effort
> [2] https://github.com/visionmedia/git-extras/blob/master/bin/git-changelog
> [3] http://bugs.debian.org/698490
> [4] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=32;filename=git-extras-1.7.0-1.2-nmu.diff;att=1;bug=698490

Please use CVE-2012-6114 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

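The bug class the report names, as an added example that is not git-extras code and not the Debian fix: a hypothetical script's predictable /tmp name beside a mktemp-based replacement that creates the file atomically with owner-only permissions and cleans it up on exit. The file names and the changelog line are constructed.

```sh
#!/bin/sh
# Added example (not git-extras code): the predictable-/tmp pattern the
# report describes, beside the hardened form. Names are hypothetical.

# Weak pattern: a fixed or trivially guessable name under the shared /tmp.
# Another local user can create that path (or a symlink to a file the
# victim can write) before the script runs; the script then writes
# through it. $$ does not help: process ids are small and guessable.
weak_tmpfile() {
    printf '%s\n' "/tmp/git-changelog-$$"
}

# Hardened form: mktemp creates the file atomically (O_CREAT|O_EXCL) with
# an unpredictable suffix and mode 0600, honouring TMPDIR. The path is
# left in the global TMPFILE rather than echoed, so the EXIT trap that
# removes it is registered in the calling shell, not in a throw-away
# command-substitution subshell that would fire the trap immediately.
safe_tmpfile() {
    TMPFILE=$(mktemp "${TMPDIR:-/tmp}/git-changelog.XXXXXX") || return 1
    trap 'rm -f "$TMPFILE"' EXIT HUP INT TERM
}

# Returns 0 if the path is a regular file whose mode is exactly
# rw------- (owner only), which is what mktemp guarantees regardless
# of the caller's umask.
is_private_file() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Stand-in for the output the real scripts would capture into the file.
write_changelog() {
    printf 'constructed changelog line\n' > "$1"
}
```

Running `safe_tmpfile` once and then reusing `$TMPFILE` is the intended pattern; calling it twice replaces the EXIT trap and leaks the first file.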
