Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <56169779.3060002@danielstender.com>
Date: Thu, 08 Oct 2015 18:19:05 +0200
From: Daniel Stender <debian@...ielstender.com>
To: oss-security@...ts.openwall.com
CC: 756432@...s.debian.org, 
 Debian Security Team <team@...urity.debian.org>,
 Salvatore Bonaccorso <carnil@...ian.org>
Subject: CVE request: Gummi

Hello,

I request a CVE for Gummi (LaTeX editor with preview pane) [1], the current
release is 0.6.5.

The program uses predictable filenames for files in /tmp, which produces a race
condition [2].

I'm Debian maintainer for this software.

Please assign a CVE as appropriate.

Thanks,
Daniel Stender

[1] https://github.com/alexandervdm/gummi

[2] https://bugs.debian.org/756432
    gummi: Uses predictable filenames in /tmp based on basename

-- 
4096R/DF5182C8
46CB 1CA8 9EA3 B743 7676 1DB9 15E0 9AF4 DF51 82C8
LPI certified Linux admin (LPI000329859 64mz6f7kt4)
http://www.danielstender.com/blog/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.