Steve Kemp's Blog Writings relating to Debian & Free Software

luonnos viesti - 31 heinäkuu 2014

Thu, 31 Jul 2014 12:32:38 GMT

Yesterday I spent a while looking at the Debian code search site, an enormously useful service allowing you to search the code contained in the Debian archives.

The end result was three trivial bug reports:

#756565 - lives

Insecure usage of temporary files.

A CVE-identifier should be requested.

#756566 - libxml-dt-perl

Insecure usage of temporary files.

A CVE-identifier has been requested by Salvatore Bonaccorso, and will be added to my security log once allocated.

#756600 - xcfa

Insecure usage of temporary files.

A CVE-identifier should be requested.

Finding these bugs was a simple matter of using the code-search to look for patterns like "system.*>.*/tmp".
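An added example (not from the original post, and not code from any of the packages named): the post's pattern, written as the regex `system.*>.*/tmp`, applied to constructed source lines, followed by a hardened way to capture command output in a temporary file. The sample lines, the `SAFE_HINTS` triage heuristic and the function names are assumptions made for illustration.

```python
import os
import re
import subprocess
import tempfile

# The pattern quoted in the post: a system() call whose command line
# redirects output to a path under /tmp.
PAGE_PATTERN = re.compile(r"system.*>.*/tmp")

# Assumption (not from the post): a hit is lower priority when the same
# line shows the file name coming from a temp-file API.
SAFE_HINTS = re.compile(r"mktemp|mkstemp|tempfile|File::Temp")

# Constructed sample lines; none are taken from the packages in the post.
SAMPLE = [
    'system("ls -l > /tmp/listing.txt");',           # fixed name in /tmp
    'system("sort $in >> /tmp/out.$$");',            # PID suffix is guessable
    'system("date > $(mktemp /tmp/stamp.XXXXXX)");', # name chosen by mktemp
    'my $log = "/tmp/app.log";',                     # no system(): not matched
    'system("make > build/log.txt");',               # redirect, but not to /tmp
]

def scan(lines):
    """Return (line_number, text, verdict) for each line matching PAGE_PATTERN."""
    findings = []
    for number, text in enumerate(lines, 1):
        if not PAGE_PATTERN.search(text):
            continue
        verdict = "review" if SAFE_HINTS.search(text) else "predictable-path"
        findings.append((number, text.strip(), verdict))
    return findings

def run_to_private_tempfile(argv):
    """Hardened form: run argv with stdout sent to a file made by mkstemp.

    mkstemp creates the file with O_EXCL, a random name and mode 0600, so a
    name pre-created by another local user (for example a symlink) is never
    opened. No shell and no redirection string are involved.
    """
    fd, path = tempfile.mkstemp(prefix="out.")
    try:
        subprocess.run(argv, stdout=fd, check=True)
    finally:
        os.close(fd)
    return path

if __name__ == "__main__":
    for number, text, verdict in scan(SAMPLE):
        print(f"{number}: [{verdict}] {text}")
```

Lines marked `review` still need a human look; the heuristic only orders the results.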

Perhaps tomorrow somebody else would like to have a go at looking for backtick-related operations ("`"), or the usage of popen.

Tomorrow I will personally be swimming in a loch, which is more fun than wading in code.


Comments On This Entry

mie vaan (just some random planet debian reader)

Submitted at 17:12:30 on 31 July 2014

Must open up and say this...

'luonnos viesti' should really be 'luonnosviesti', or better, viestiluonnos, if you like to get it right. :))

Steve Kemp

Submitted at 17:16:57 on 31 July 2014

Thank you, I do appreciate the correction.

My Finnish-learning is very ad hoc at the moment - largely the things that my wife and I see in front of us and can talk about.

 
