CVE-2012-6114: unsafe usage of temporary files

Bug #1103488 reported by Jonathan Wiltshire
This bug affects 1 person
Affects Status Importance Assigned to Milestone
git-extras (Debian)
Fix Released
git-extras (Ubuntu)

Bug Description

git-effort and git-changelog use fixed name temporary files that can be used in a symlink attack. The Debian bug contains a patch.

CVE References

information type: Private Security → Public Security
Changed in git-extras (Debian):
status: Unknown → Fix Released
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information:

Changed in git-extras (Ubuntu):
status: New → Triaged
status: Triaged → Incomplete
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.