Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <201402110311.s1B3B9si022099@linus.mitre.org>
Date: Mon, 10 Feb 2014 22:11:09 -0500 (EST)
From: cve-assign@...re.org
To: jwilk@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> * Pacemaker:
> https://bugs.debian.org/633964
> This needs a CVE-2011-#### id.

Use CVE-2011-5271.


> * Python Imaging Library:
> https://bugs.debian.org/737059

> Note that we have two slightly different kinds of problems here:
> 1) in IptcImagePlugin.py and Image.py there's tempfile.mktemp() followed 
> by open() in the same subprocess;

> 2) in JpegImagePlugin.py and EpsImagePlugin.py, temporary file name 
> generated by tempfile.mktemp()

Use CVE-2014-1932 for the issue of using mktemp in all of these .py
files.


> 2) ... temporary file name ... is passed to an external process.
> The latter kind is much easier to exploit, at least on some systems, 
> because commandlines are not secret.

Use CVE-2014-1933 for the issue of including sensitive filename
information on a command line that is visible by using ps or a similar
approach.


> * eyeD3:
> https://bugs.debian.org/737062

Use CVE-2014-1934.


> * Tom Duff's rc (part of 9base):
> https://bugs.debian.org/737206

Use CVE-2014-1935.


> * Byron Rakitzis's rc:
> https://bugs.debian.org/737125

Use CVE-2014-1936.


> * Gamera:
> https://bugs.debian.org/737324

Use CVE-2014-1937.


> * RPLY (follow-up for CVE-2014-1604):
> https://bugs.debian.org/737627

Use CVE-2014-1938.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJS+ZOnAAoJEKllVAevmvmsmGgH/2pKXzhtYjqTnz9/KvGeDqRH
af5obLEN/SB7p/aCpMQtIQ2sRSw7bKYGQ6R+niEfw2+5ZrRuYhbiQLikd1qH4kMX
OTfPYhDJUJwq5t7JdoNSc0CD1/aNg3FDvJ/cfNs80Tln97zRd7kgpp3xUPOdwsKn
/cU2WIelFMGIXCuXDRpKpqep7grP3bfAZRHzo03hg0NxY/6Ah/0eJHV02/8b3ta/
CX9I1a/+4yi6TeBXnez4VhBT5Cs+2Ft1QE5nMSnHEQzf0U6USfRKK7MSWgug5mVK
zEEzHwY24gEDWumv6eGhrgU+/AySN9M6d+m7QjhNV3txgZgJ6adgx4qumHSTbkg=
=umjH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.