[Python-modules-team] Bug#737778: CVE request: f2py insecure temporary file use
Murray McAllister
mmcallis at redhat.com
Thu Feb 6 03:59:32 UTC 2014
Hello,
Jakub Wilk reported insecure temporary file use in f2py. From
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778>:
""
numpy/f2py/__init__.py contains this code:
from numpy.distutils.exec_command import exec_command
import tempfile
if source_fn is None:
fname = os.path.join(tempfile.mktemp()+'.f')
else:
fname = source_fn
f = open(fname,'w')
""
Can a CVE please be assigned if one hasn't been already?
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
https://bugzilla.redhat.com/show_bug.cgi?id=1062009
Thanks,
--
Murray McAllister / Red Hat Security Response Team
More information about the Python-modules-team
mailing list