[Secure-testing-team] Bug#807341: git-repair: uses non-random tempdir /tmp/tmprepo.0/.git/

Jonas Smedegaard dr at jones.dk
Mon Dec 7 18:28:17 UTC 2015


Package: git-repair
Version: 1.20150106-2
Severity: grave
Tags: security
Justification: user security hole

git-repair uses /tmp/tmprepo.0/.git/ which is clearly static, and I
believe therefore (on non-hardened systems) insecure.

 - Jonas

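The difference between a fixed name such as the reported `/tmp/tmprepo.0` and an unpredictable, atomically created directory, as an added example (not part of the original report and not git-repair's own code). The function names are hypothetical, and the constructed scenario runs inside a throwaway sandbox directory rather than the real `/tmp`.

```python
import os
import stat
import tempfile


def predictable_workdir(base):
    """Weak pattern (assumed for illustration): a fixed name under a shared dir."""
    path = os.path.join(base, "tmprepo.0")
    # exist_ok=True silently reuses whatever already sits at that name,
    # including a symlink that points at some other directory.
    os.makedirs(path, exist_ok=True)
    return path


def is_safe_workdir(path):
    """True only for a real directory we own that no one else can write to."""
    st = os.lstat(path)  # lstat: inspect the entry itself, never its target
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != os.geteuid():
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def secure_workdir(base):
    """mkdtemp picks a random suffix and creates the dir atomically, mode 0700."""
    return tempfile.mkdtemp(prefix="tmprepo.", dir=base)


def demo():
    """Run both patterns in a sandbox where the fixed name already exists."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        # Constructed scenario: the fixed name is already present as a symlink.
        elsewhere = os.path.join(base, "elsewhere")
        os.mkdir(elsewhere)
        os.symlink(elsewhere, os.path.join(base, "tmprepo.0"))
        weak = predictable_workdir(base)
        results["weak_safe"] = is_safe_workdir(weak)
        strong = secure_workdir(base)
        results["strong_safe"] = is_safe_workdir(strong)
        results["strong_private"] = stat.S_IMODE(os.lstat(strong).st_mode) & 0o077 == 0
        results["distinct"] = secure_workdir(base) != strong
    return results


if __name__ == "__main__":
    print(demo())
```
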


