
luonnos viesti - 31 July 2014

Yesterday I spent a while looking at the Debian code search site, an enormously useful service allowing you to search the code contained in the Debian archives.

The end result was three trivial bug reports:

#756565 - lives

Insecure usage of temporary files.

A CVE-identifier should be requested.

#756566 - libxml-dt-perl

Insecure usage of temporary files.

A CVE-identifier has been requested by Salvatore Bonaccorso, and will be added to my security log once allocated.

#756600 - xcfa

Insecure usage of temporary files.

A CVE-identifier should be requested.

Finding these bugs was a simple matter of using the code-search to look for patterns like "system.*>.*/tmp".
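The search described above, as an added example that is not code from the original post: a small Python scanner that applies the quoted pattern to constructed sample sources and pulls out the redirect target for triage. The sample files, the `TARGET` helper regex and the `scan` function are assumptions made for this illustration.

```python
import re

# Search pattern quoted in the post (Python regex syntax).
PATTERN = re.compile(r"system.*>.*/tmp")
# Helper added for this example: extract the redirect target for triage.
TARGET = re.compile(r">{1,2}\s*(/tmp/[^\s\"';|&)]*)")

# Constructed sample sources; not taken from the packages named in the post.
SAMPLES = {
    "report.pl": (
        'my $out = "/var/lib/app/report";\n'
        # Fixed name in a world-writable directory: the pattern flags this.
        'system("xmllint --format $in > /tmp/pretty.xml");\n'
        # Hardened form: unpredictable file from File::Temp, no shell redirect.
        'my ($fh, $name) = File::Temp::tempfile();\n'
        'system("xmllint", "--output", $name, "--format", $in);\n'
    ),
    "encode.c": (
        # Command built on one line and run on the next: a single-line
        # pattern misses this, although the PID-based name is predictable.
        'snprintf(cmd, sizeof cmd, "lame %s 2>> /tmp/enc.%d.log", f, getpid());\n'
        'system(cmd);\n'
        'system("ls -l >/tmp/listing");\n'
    ),
}


def scan(sources):
    """Return (file, line_no, target) for each line matching PATTERN."""
    hits = []
    for name, text in sorted(sources.items()):
        for no, line in enumerate(text.splitlines(), 1):
            if PATTERN.search(line):
                m = TARGET.search(line)
                hits.append((name, no, m.group(1) if m else None))
    return hits


if __name__ == "__main__":
    for name, no, target in scan(SAMPLES):
        print(f"{name}:{no}: shell redirect to fixed temp path {target}")
```

The `snprintf` line in `encode.c` is not reported, which shows that hits from a one-line pattern are a starting point for review, not a complete audit.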

Perhaps tomorrow somebody else would like to have a go at looking for backtick-related operations ("`"), or the usage of popen.

Tomorrow I will personally be swimming in a loch, which is more fun than wading in code.

Comments On This Entry

  1. mie vaan (just some random planet debian reader)

    Must open up and say this...

    'luonnos viesti' should really be 'luonnosviesti', or better, viestiluonnos, if you like to get it right. :))

  2. [author] Steve Kemp

    Thank you, I do appreciate the correction.

    My Finnish-learning is very ad hoc at the moment - largely the things that my wife and I see in front of us and can talk about.