Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

gregor herrmann gregoa at debian.org
Sun May 6 13:20:03 UTC 2012


On Wed, 02 May 2012 22:02:13 +0300, Henri Salo wrote:

> https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
> CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225

Attached is a backport of the fix for squeeze; reviews welcome.

Dear security and release teams: Please advise on how to proceed;
does s-p-u sound right for this isse?

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Dire Straits: Tunnel Of Love
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 671255-squeeze.diff
Type: text/x-diff
Size: 1886 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20120506/d2aaee55/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20120506/d2aaee55/attachment.pgp>


More information about the pkg-perl-maintainers mailing list