* Sylvestre Ledru, 2014-04-15, 14:30:
1) The directory name is easily predictable:
if (!defined $Dir) {
    $Dir = $ENV{'TMPDIR'} || $ENV{'TEMP'} || $ENV{'TMP'} || "/tmp";
    $TmpMode = 1;
}
# [...]
my $TimeString = sprintf("%02d%02d%02d", $hour, $min, $sec);
my $DateString = sprintf("%d-%02d-%02d
Hello Jakub,
Thanks for this analysis.
FYI, clang 3.3 and 3.4 are most likely impacted too.
On 15/04/2014 00:13, Jakub Wilk wrote:
> Package: clang-3.5
> Version: 1:3.5~svn201651-1
> Severity: important
> Tags: security
>
> The GetHTMLRunDir subroutine creates temporary directories in an
> inse
Package: clang-3.5
Version: 1:3.5~svn201651-1
Severity: important
Tags: security
The GetHTMLRunDir subroutine creates temporary directories in an
insecure way:
1) The directory name is easily predictable:
if (!defined $Dir) {
    $Dir = $ENV{'TMPDIR'} || $ENV{'TEMP'} || $ENV{'TMP'} || "/tmp";