oss-security - Re: CVE request: hplip insecure temporary file handling in pkit.py

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <20131127121009.GC24442@suse.de>
Date: Wed, 27 Nov 2013 13:10:09 +0100
From: Sebastian Krahmer <krahmer@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: hplip insecure temporary file
	handling in pkit.py

Hi,

Funny. I just told upstream about that yesterday:

https://bugzilla.novell.com/show_bug.cgi?id=852368

I think hplip could deserve a deeper look.

Sebastian

On Wed, Nov 27, 2013 at 12:46:54PM +0100, Raphael Geissert wrote:
> Hi,
> 
> On 27 November 2013 12:22, Ratul Gupta <ratulg@...hat.com> wrote:
> > Hello,
> >
> > A temporary file handling flaw was found in hplip/pkit.py.
> >
> > References:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876
> 
> Thanks for sending the request, I was waiting for the problem to be
> confirmed but later forgot about it.
> 
> > Can a CVE please be assigned if one has not been already?
> 
> None has been assigned as far as I'm aware of.
> 
> Cheers,
> -- 
> Raphael Geissert - Debian Developer
> www.debian.org - get.debian.net

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.