[Secure-testing-team] [Secure-testing-commits] r17167 - data/CVE
Michael Gilbert
michael.s.gilbert at gmail.com
Mon Sep 5 15:59:45 UTC 2011
On Mon, 5 Sep 2011 11:08:03 +0200 Nico Golde wrote:
> Hi,
> * Michael Gilbert <gilbert-guest at alioth.debian.org> [2011-09-04 20:52]:
> > Author: gilbert-guest
> > Date: 2011-09-04 18:50:53 +0000 (Sun, 04 Sep 2011)
> > New Revision: 17167
> >
> > Modified:
> > data/CVE/list
> > Log:
> > TMPFILE environment variable exposure
> >
> > Modified: data/CVE/list
> > ===================================================================
> > --- data/CVE/list 2011-09-02 23:30:56 UTC (rev 17166)
> > +++ data/CVE/list 2011-09-04 18:50:53 UTC (rev 17167)
> > @@ -1,3 +1,6 @@
> > +CVE-2011-XXXX [TMPFILE environment variable exposure]
> > + - debianutils <unfixed> (bug #640389)
> > + - coreutils <unfixed>
>
> This imho shouldn't be a bug tracked by us. As discussed via PM you have far
> worse problems if you can control environment variables. This needs a specific
> case but not such a general bug for a "bug" class.
Agreed. Already removed :)
More information about the Secure-testing-team
mailing list