On 19/04/2014 05:29, [email protected] wrote: > > Jakub Wilk discovered that clang's scan-build utility insecurely handled > > temporary files. > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817 > > > The GetHTMLRunDir subroutine ... > > > 3) The function doesn't fail if the directory already exists, even if > > it's owned by another user. > > Use CVE-2014-2893. I am going to have a look next week. It should be trivial to fix.
Sylvestre
signature.asc
Description: OpenPGP digital signature
