[Secure-testing-team] Bug#734956: jinja2: CVE-2014-0012: unsafe temporary files creation
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 11 07:22:41 UTC 2014
Package: jinja2
Version: 2.7.2-1
Severity: important
Tags: security upstream
Hi Piotr,
the following vulnerability was published for jinja2. The upload for
jinja2/2.7.2-1 addressing CVE-2014-1402 introduced an unsafe temporary
files creation vulnerability.
CVE-2014-0012[0]:
unsafe temporary files creation
See also [1] for the CVE assignment. See the nice blogpost[2] from
Kurt Seifried for information on how to safely create temporary files
and directories in various languages.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0012
http://security-tracker.debian.org/tracker/CVE-2014-0012
[1] http://www.openwall.com/lists/oss-security/2014/01/11/1
[2] http://kurt.seifried.org/2012/03/14/creating-temporary-files-securely/
Regards,
Salvatore
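
Added example, not part of the original message and not jinja2's own code: one way to claim a reusable per-user directory under a shared temporary directory and write files into it safely. The names secure_user_dir, write_private, UnsafeTempDir and the "_example-cache-" prefix are hypothetical, and the base directory is assumed to be sticky like /tmp.

```python
import os
import stat
import tempfile


class UnsafeTempDir(Exception):
    """Raised when an existing directory cannot be trusted."""


def secure_user_dir(base, prefix="_example-cache-"):
    """Return a private per-user directory under a shared base such as /tmp.

    The name is predictable on purpose (so the cache can be reused), which
    means another local user may have created the path first; an existing
    entry is therefore only accepted after it has been checked.
    """
    path = os.path.join(base, "%s%d" % (prefix, os.getuid()))
    try:
        os.mkdir(path, 0o700)          # atomic: fails if anything exists there
    except FileExistsError:
        pass
    st = os.lstat(path)                # lstat: do not follow a planted symlink
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeTempDir("%s is not a real directory" % path)
    if st.st_uid != os.getuid():
        raise UnsafeTempDir("%s is owned by uid %d" % (path, st.st_uid))
    if st.st_mode & 0o077:
        raise UnsafeTempDir("%s is accessible to group/other" % path)
    return path


def write_private(directory, data, final_name):
    """Write data via an unpredictable O_EXCL temp file, then rename into place."""
    fd, tmp = tempfile.mkstemp(dir=directory)   # created with mode 0600
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        target = os.path.join(directory, final_name)
        os.replace(tmp, target)        # atomic rename within the directory
        return target
    except BaseException:
        os.unlink(tmp)
        raise
```

When no reuse across runs is needed, tempfile.mkdtemp() alone gives an unpredictable 0700 directory and the ownership checks become unnecessary.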