CVE-2012-6114: unsafe usage of temporary files

Bug #1103488 reported by Jonathan Wiltshire on 2013-01-23
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
git-extras (Debian)
Fix Released
Unknown
git-extras (Ubuntu)
Undecided
Unassigned

Bug Description

git-effort and git-changelog use fixed name temporary files that can be used in a symlink attack. The Debian bug contains a patch.

CVE References

information type: Private Security → Public Security
Changed in git-extras (Debian):
status: Unknown → Fix Released
Seth Arnold (seth-arnold) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in git-extras (Ubuntu):
status: New → Triaged
status: Triaged → Incomplete
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.