[Secure-testing-team] [Secure-testing-commits] r17167 - data/CVE

Nico Golde debian-secure-testing+ml at ngolde.de
Mon Sep 5 09:08:03 UTC 2011


Hi,
* Michael Gilbert <gilbert-guest at alioth.debian.org> [2011-09-04 20:52]:
> Author: gilbert-guest
> Date: 2011-09-04 18:50:53 +0000 (Sun, 04 Sep 2011)
> New Revision: 17167
> 
> Modified:
>    data/CVE/list
> Log:
> TMPFILE environment variable exposure
> 
> Modified: data/CVE/list
> ===================================================================
> --- data/CVE/list	2011-09-02 23:30:56 UTC (rev 17166)
> +++ data/CVE/list	2011-09-04 18:50:53 UTC (rev 17167)
> @@ -1,3 +1,6 @@
> +CVE-2011-XXXX [TMPFILE environment variable exposure]
> +	- debianutils <unfixed> (bug #640389)
> +	- coreutils <unfixed>
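
Review bot: The coreutils line in the new CVE-2011-XXXX entry carries no bug reference, while the debianutils line above it points at bug #640389, so the coreutils <unfixed> status has nothing to be tracked or closed against. Either add the matching bug number for coreutils or drop that line until one exists. The bracketed description "TMPFILE environment variable exposure" also names a class of issue rather than a specific program, code path or impact; a NOTE line stating the concrete case for each listed package would make the entry reviewable.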

This imho shouldn't be a bug tracked by us. As discussed via PM you have far 
worse problems if you can control environment variables. This needs a specific 
case but not such a general bug for a "bug" class.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.