On Wed, Jan 11, 2012 at 12:37:05PM -0500, Jim Paris wrote:
Package: as31
Version: 2.3.1-4
Severity: important
Tags: security

as31 creates a temporary file during assembly.  It uses the UID and
random() in the filename, but the random number generator is never
seeded, and so the filename is predictably the same every time,
introducing a security hole:

Thank you for the report. Does this issue have a CVE identifier yet?
Security team, if not can we allocate from the Debian pool (I forget the
rules)?

Maintainer: I doubt this will get a DSA (security team will advise) so in that event please fix this in unstable and then follow http://deb.li/prsc

Thanks



--
Jonathan Wiltshire                                      [email protected]
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51




--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to