Package: node-cli
Version: 0.4.4~20120516-1
Severity: critical
Tags: security

Dear Maintainer,

The `node-cli` library makes insecure use of the following two
temporary files:

        lock_file = '/tmp/' + cli.app + '.pid',
        log_file = '/tmp/' + cli.app + '.log';

These allow overwriting files  that the starting-user has permission
to modify.



-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

_______________________________________________
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to