On 19/04/2014 05:29, cve-ass...@mitre.org wrote:
> > Jakub Wilk discovered that clang's scan-build utility insecurely handled
> > temporary files.
>
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817
>
> > The GetHTMLRunDir subroutine ...
>
> > 3) The function doesn't fail if the directory already exists, even if
> > it's owned by another user.
>
> Use CVE-2014-2893.
>
I think I fixed it upstream:
http://llvm.org/viewvc/llvm-project?view=revision&revision=211051
http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/scan-build/scan-build?r1=210971&r2=211051&pathrev=211051

I've just uploaded llvm-snapshot-3.4. I prepared 3.3 and I will upload the snapshot later.

Sylvestre
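
Point 3 of the quoted report, shown as an added example that is not part of this message and is not the upstream scan-build change (scan-build is a Perl script; this example is Python). The names `create_run_dir` and `is_private_dir` are hypothetical, and the directories are constructed in a scratch location.

```python
import os
import stat
import tempfile


def is_private_dir(path: str) -> bool:
    """True only for a real directory owned by us with no group/other access."""
    st = os.lstat(path)  # lstat: a symlink is reported as a symlink, not followed
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.geteuid()
            and (stat.S_IMODE(st.st_mode) & 0o077) == 0)


def create_run_dir(parent: str, name: str) -> str:
    """Create parent/name as a new 0700 directory; never reuse an existing one.

    os.mkdir() raises FileExistsError if the name is already taken by a
    directory, file or symlink, so a pre-created entry is not silently accepted.
    """
    path = os.path.join(parent, name)
    os.mkdir(path, 0o700)
    if not is_private_dir(path):
        raise RuntimeError(f"{path} failed the ownership/mode check")
    return path


def demo() -> dict:
    """Exercise both functions on constructed cases in a scratch directory."""
    out = {}
    with tempfile.TemporaryDirectory() as parent:
        out["fresh"] = is_private_dir(create_run_dir(parent, "run-1"))
        taken = os.path.join(parent, "run-2")   # constructed: name already exists
        os.mkdir(taken)
        os.chmod(taken, 0o777)
        link = os.path.join(parent, "run-3")    # constructed: name is a symlink
        os.symlink(parent, link)
        for key, name in (("existing", "run-2"), ("symlink", "run-3")):
            try:
                create_run_dir(parent, name)
                out[key] = "reused"
            except FileExistsError:
                out[key] = "rejected"
        out["existing_is_private"] = is_private_dir(taken)
        out["symlink_is_private"] = is_private_dir(link)
    return out


if __name__ == "__main__":
    print(demo())
```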