[Python-modules-team] Bug#737778: CVE request: f2py insecure temporary file use
cve-assign at mitre.org
Sat Feb 8 02:06:00 UTC 2014
> Jakub Wilk reported insecure temporary file use in f2py.
>
> numpy/f2py/__init__.py contains this code:
>
> fname = os.path.join(tempfile.mktemp()+'.f')
>
> f = open(fname,'w')
>
> Can a CVE please be assigned if one hasn't been already?
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
> https://bugzilla.redhat.com/show_bug.cgi?id=1062009
Use CVE-2014-1858 only for the issue in the __init__.py file.
Use CVE-2014-1859 for the other temporary-file issues fixed by the
vendor in the
https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
commit.
--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
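The difference between the quoted `mktemp()` + `open()` pattern and atomic creation with `tempfile.mkstemp()`, as an added example that is not part of the original message or of the numpy commit. The function names, file names and the scratch-directory scenario are constructed for illustration.

```python
import os
import tempfile


def write_source_unsafe(source, fname):
    """Pattern from the report: open() on a name chosen beforehand."""
    # open(..., 'w') follows symlinks and truncates whatever is already there.
    with open(fname, "w") as f:
        f.write(source)
    return fname


def write_source_safe(source, suffix=".f"):
    """Create and open the file in a single step with mkstemp()."""
    # mkstemp() opens with O_CREAT | O_EXCL and mode 0600, so it never reuses
    # an existing path and never follows a symlink.
    fd, fname = tempfile.mkstemp(suffix=suffix)
    with os.fdopen(fd, "w") as f:
        f.write(source)
    return fname


def demo():
    """Constructed scenario, confined to a private scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.txt")
        with open(victim, "w") as f:
            f.write("important data")
        # Stand-in for a temp name that is already a symlink when it is opened.
        predicted = os.path.join(scratch, "tmpname.f")
        os.symlink(victim, predicted)
        write_source_unsafe("      END\n", predicted)
        with open(victim) as f:
            clobbered = f.read() != "important data"
        # Exclusive creation refuses the pre-existing path instead.
        try:
            os.close(os.open(predicted, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
            refused = False
        except FileExistsError:
            refused = True

        safe = write_source_safe("      END\n")
        mode = os.stat(safe).st_mode & 0o777
        os.unlink(safe)
        return clobbered, refused, mode


if __name__ == "__main__":
    print(demo())
```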