[Secure-testing-team] Bug#855142: tmpfile are not random
Bastien ROUCARIES
roucaries.bastien at gmail.com
Tue Feb 14 16:24:52 UTC 2017
Package: src:pdfsandwich
version: 0.1.6-1
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
Hi,
pdfsandwish use totally previsible file name like
/tmp/pdfsandwich_inputfileea1150.pdf[11]
Security team could you open a CVE ?
Upsteam should use for instance a tmpname subdirectory
Bastien
More information about the Secure-testing-team
mailing list