
 

luonnos viesti - 31 heinäkuu 2014

31 July 2014 21:50

Yesterday I spent a while looking at the Debian code search site, an enormously useful service allowing you to search the code contained in the Debian archives.

The end result was three trivial bug reports:

#756565 - lives

Insecure usage of temporary files.

A CVE-identifier should be requested.

#756566 - libxml-dt-perl

Insecure usage of temporary files.

A CVE-identifier has been requested by Salvatore Bonaccorso, and will be added to my security log once allocated.

#756600 - xcfa

Insecure usage of temporary files.

A CVE-identifier should be requested.

Finding these bugs was a simple matter of using the code-search to look for patterns like "system.*>.*/tmp".

Perhaps tomorrow somebody else would like to have a go at looking for backtick-related operations ("`"), or the usage of popen.

Tomorrow I will personally be swimming in a loch, which is more fun than wading in code.
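The search described above can be reproduced locally when auditing your own source tree. This is an added example, not code from the post or from Debian Code Search: the first rule is the regex quoted in the post, while the `popen` and backtick rules, the `scan` function, the verdict labels and the sample lines are all assumptions constructed for illustration.

```python
import re

# One rule per search idea in the post. Only the first regex is the post's own.
RULES = {
    "system-redirect": re.compile(r"system.*>.*/tmp"),  # quoted in the post
    "popen": re.compile(r"popen.*/tmp"),                # assumed follow-up search
    "backtick": re.compile(r"`[^`]*/tmp[^`]*`"),        # assumed follow-up search
}
# The /tmp path itself, cut at whitespace, quotes or shell separators.
TMP_PATH = re.compile(r"/tmp/[^\s\"'`;|)]+")
# A '$' or '%' in the path means the name is built at run time.
EXPANSION = re.compile(r"[$%]")


def scan(source):
    """Return (line_number, rule, tmp_path, verdict) for each suspicious line."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if not pattern.search(line):
                continue
            found = TMP_PATH.search(line)
            path = found.group(0) if found else "/tmp"
            # fixed-name: every local user knows the path in advance.
            # expanded-name: needs review; PIDs and similar are still guessable.
            verdict = "expanded-name" if EXPANSION.search(path) else "fixed-name"
            findings.append((number, rule, path, verdict))
    return findings


# Constructed sample lines (C and Perl), not taken from the packages named above.
SAMPLE = '''\
system("ls -l > /tmp/listing.txt");
system("sort input > /tmp/out.$$");
fd = mkstemp(template);
FILE *p = popen("gzip -c > /tmp/dump.gz", "w");
my $err = `xmllint $file 2>/tmp/err.log`;
open(my $fh, "<", $path);
'''

if __name__ == "__main__":
    for number, rule, path, verdict in scan(SAMPLE):
        print(f"line {number}: {rule}: {path} ({verdict})")
```

A hit is only a lead for manual review: the fix in each case is to create the file with `mkstemp()` (C) or `File::Temp` (Perl) rather than a name chosen in advance.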


 

Comments on this entry

mie vaan (just some random planet debian reader) at 17:12 on 31 July 2014

Must open up and say this...

'luonnos viesti' should really be 'luonnosviesti', or better, viestiluonnos, if you like to get it right. :))

Steve Kemp at 17:16 on 31 July 2014
http://steve.org.uk/.

Thank you, I do appreciate the correction.

My Finnish-learning is very ad hoc at the moment - largely the things that my wife and I see in front of us and can talk about.