18 Aug 10:59
Re: CVE id request: mktemp
From: Sebastian Krahmer <krahmer@...>
Subject: Re: CVE id request: mktemp
Newsgroups: gmane.comp.security.oss.general
Date: 2008-08-18 08:59:56 GMT
Subject: Re: CVE id request: mktemp
Newsgroups: gmane.comp.security.oss.general
Date: 2008-08-18 08:59:56 GMT
BTW, mktemp(1) is using O_EXCL anyway, so I dont see an issue. Additionally all of our scripts use more than 6 X' as also shown in the example section of the manpage. We are not going to release updates for this non-issue. l8er, Sebastian On Fri, Aug 15, 2008 at 01:55:50PM +0200, Nico Golde wrote: > Hi, > mktemp (not the coreutils one) from > ftp://ftp.mktemp.org/pub/mktemp/ is not generating fully > random names. Steve, can you assign a CVE id to this? > > This is > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495193 > I wrote an explanation on why this happens, available on: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495193#30 > > Kind regards > Nico > > -- > Nico Golde - http://www.ngolde.de - nion@... - GPG: 0x73647CFF > For security reasons, all text in this mail is double-rot13 encrypted. -- -- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@... - SuSE Security Team ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
RSS Feed