[Python-modules-team] Bug#736247: Fwd: Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jan 21 14:28:39 UTC 2014


as reported by Jakub Wilk in http://bugs.debian.org/736247, there is a
TOCTOU failure in python's xdg module (see attached message).

Could a CVE be assigned to this?

	--dkg
-------------- next part --------------
An embedded message was scrubbed...
From: Jakub Wilk <jwilk at debian.org>
Subject: [Python-modules-team] Bug#736247: python-xdg:	get_runtime_dir(strict=False): insecure use of /tmp
Date: Tue, 21 Jan 2014 14:45:11 +0100
Size: 5832
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20140121/65ac5de9/attachment.eml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20140121/65ac5de9/attachment.sig>


More information about the Python-modules-team mailing list