Bug#759282: CVE request: php-pear, pear's insecure /tmp/ use for cache data

2014-08-26 Thread cve-assign

 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282

Use CVE-2014-5459.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#759282: CVE request: php-pear, pear's insecure /tmp/ use for cache data

2014-08-25 Thread Murray McAllister

Hello,

It was reported that the pear utility insecurely used the /tmp/ 
directory for cache data. A local attacker could use this flaw to 
perform a symbolic link attack against a user (typically the root user) 
running a pear command (such as pear install).


Original report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282

Could a CVE please be assigned?

Thanks,

--
Murray McAllister / Red Hat Product Security

