Re: CVE request: hplip insecure temporary file handling in pkit.py

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/27/2013 04:46 AM, Raphael Geissert wrote:
> Hi,
>
> On 27 November 2013 12:22, Ratul Gupta <ratulg () redhat com> wrote:
> > Hello,
> >
> > A temporary file handling flaw was found in hplip/pkit.py.
> >
> > References: 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876
>
> Thanks for sending the request, I was waiting for the problem to
> be confirmed but later forgot about it.
>
> > Can a CVE please be assigned if one has not been already?
>
> None has been assigned as far as I'm aware of.
>
> Cheers,

Please use CVE-2013-6402 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSlsz+AAoJEBYNRVNeJnmT8I8P/j+XBW/SzksKSi5dtUkLmbI8
5V1Xd6cI/xhS94ls3rLGba23MjozdElgYnMI8XvgvvRhNRbeutTRYwEFHJbL5jqh
kqDqa3nIwZHlYCbQT5QrIbDmI6FGjLbCRckryh+lkS7nkdedjOibOjgZuLP8HQED
xuV4hFi9s3Tx0EVdNR1VxBLCLyVBX+F9QFOFz6dTrXH+lcriYb9u6CF7CEs/Gev7
NuVdVYGFxsEm+ZsyOmZ/Cn2nB9RMTKVk6QbkFes2RGeY1pwxrFmtwUf4hyrnSeBB
42TmTHSV/t6JhRq0iDBWXC1b6R83Upt/41Ir9lGsI/719wG8EOVb38phxgiV3xMg
sz6BaUrNzo/Ecu8nkHJqnhbdgwHCVfo/oJ3uG275ChI6XJYdAPdNNZmvK44es8DN
zbzRiEMbrBE6UmqZqIAPzD2X1fCaelbrHxODeK1VCkeOokqxd65u2/PXRVkx3xdW
4u8qIonGAPghIxn8XYlnjyNumLmi84M1JtZ1HXcilJoMk0MM9RZ9GdA7lig+VrYX
FAT4PrlYSo6lONFpo2gMY1TYTQOCLHYKOVantgaa8Zqrk/Whz4Bo0Gi23fbrXunR
gYmLwoX2C8OndPQ5Y7atUzH5f9wBTuAV8kMRX4gZC5Ukcuh98YNwnBq2C6K0n2th
QWE5qT3+bTi5ySnCy84S
=xMka
-----END PGP SIGNATURE-----