-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Jakub Wilk reported insecure temporary file use in f2py. > > numpy/f2py/__init__.py contains this code: > > fname = os.path.join(tempfile.mktemp()+'.f') > > f = open(fname,'w') > > Can a CVE please be assigned if one hasn't been already? > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778 > https://bugzilla.redhat.com/show_bug.cgi?id=1062009
Use CVE-2014-1858 only for the issue in the __init__.py file. Use CVE-2014-1859 for the other temporary-file issues fixed by the vendor in the https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15 commit. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJS9Y9iAAoJEKllVAevmvmsmUgH/jW37Wa7Wp52niRfZ+5B3IR+ emZwCRGRhJKZVZKB3yWDPOLv7WPGsXMQUgRzNLI81U2ukGX5+ZDQCAvm2o5fed25 z90k82ER5lwmbosp87p/kKNtCTuLegijDczduBIV73fO3PwC1d+/JM5I4/DnTSM6 OWLRquY7giwDPiF5NvBrmDR6JocWOPVlbAHoIvLuxRFcYdFbqDaJe8Bt8hf2saQB Phw/nIaladkNJOKR5sZM9+E3tVdP1MPCjmiMdASWktTP0fNrGMoBS24zTAQY5hgT ApAW+6Y88igBbZ/aci5kvIo7ocdmw+ld7YNK46PMX8Cr4MsTJZX0X6V85HCzAJM= =XwId -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
