Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility
sylvestre at debian.org
Sun Apr 20 09:17:43 UTC 2014
On 19/04/2014 05:29, cve-assign at mitre.org wrote:
> > Jakub Wilk discovered that clang's scan-build utility insecurely handled
> > temporary files.
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817
> > The GetHTMLRunDir subroutine ...
> > 3) The function doesn't fail if the directory already exists, even if
> > it's owned by another user.
> Use CVE-2014-2893.
I am going to have a look next week. It should be trivial to fix.
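Point 3 of the quoted report, shown as an added example (not code from scan-build or from this thread; scan-build itself is Perl, and Python is used here only for illustration). It contrasts a directory helper that silently reuses an existing path with one that refuses, plus an ownership and mode check for cases where reuse is unavoidable. The function names and the directory name are constructed.

```python
import os
import stat
import tempfile


def lenient_run_dir(path):
    """Pattern from point 3: an existing directory is silently reused."""
    os.makedirs(path, exist_ok=True)
    return path


def strict_run_dir(path):
    """Create path privately; refuse to reuse anything already there."""
    # os.mkdir raises FileExistsError for any pre-existing entry, including
    # a symlink or a directory prepared by another user.
    os.mkdir(path, 0o700)
    return path


def is_private_dir(path, uid=None):
    """True only for a real directory owned by uid with no group/other access."""
    uid = os.getuid() if uid is None else uid
    st = os.lstat(path)  # lstat: do not follow a symlink placed at path
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == uid
            and (st.st_mode & 0o077) == 0)


def demo():
    """Run both variants against a pre-existing directory in a scratch area."""
    with tempfile.TemporaryDirectory() as base:
        planted = os.path.join(base, "scan-build-constructed")  # constructed name
        os.mkdir(planted)
        os.chmod(planted, 0o777)  # stands in for a directory someone else prepared
        reused = lenient_run_dir(planted) == planted
        try:
            strict_run_dir(planted)
            refused = False
        except FileExistsError:
            refused = True
        fresh = strict_run_dir(os.path.join(base, "fresh"))
        return reused, refused, is_private_dir(planted), is_private_dir(fresh)


if __name__ == "__main__":
    print(demo())
```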