[Python-modules-team] Bug#737778: CVE request: f2py insecure temporary file use

Murray McAllister Wed, 05 Feb 2014 20:04:17 -0800

Hello,

Jakub Wilk reported insecure temporary file use in f2py. From<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778>:


""
numpy/f2py/__init__.py contains this code:

     from numpy.distutils.exec_command import exec_command
     import tempfile
     if source_fn is None:
         fname = os.path.join(tempfile.mktemp()+'.f')
     else:
         fname = source_fn

     f = open(fname,'w')
""

Can a CVE please be assigned if one hasn't been already?

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
https://bugzilla.redhat.com/show_bug.cgi?id=1062009

Thanks,

--
Murray McAllister / Red Hat Security Response Team

_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team

[Python-modules-team] Bug#737778: CVE request: f2py insecure temporary file use

Reply via email to