[Bug 1077023] CVE-2014-2524 readline: insecure temporary file use in _rl_tropen()

Wed, 21 May 2014 06:44:00 -0700 

https://bugzilla.redhat.com/show_bug.cgi?id=1077023

Tomas Hoger <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|---                         |WONTFIX
         Whiteboard|impact=low,public=20140314, |impact=low,public=20140314,
                   |reported=20140314,source=os |reported=20140314,source=os
                   |ssec,cvss2=2.1/AV:L/AC:L/Au |ssec,cvss2=2.1/AV:L/AC:L/Au
                   |:N/C:N/I:P/A:N,rhel-5/readl |:N/C:N/I:P/A:N,rhel-5/readl
                   |ine=notaffected,rhel-6/read |ine=notaffected,rhel-6/read
                   |line=affected,rhel-7/readli |line=affected,rhel-7/readli
                   |ne=affected,fedora-all/read |ne=affected,fedora-all/read
                   |line=affected,fedora-all/co |line=affected,fedora-all/co
                   |mpat-readline5=notaffected, |mpat-readline5=notaffected,
                   |rhel-5/compat-readline43=no |rhel-5/compat-readline43=no
                   |taffected,rhel-6/compat-rea |taffected,rhel-6/compat-rea
                   |dline5=notaffected,fedora-a |dline5=notaffected,rhel-6/m
                   |ll/mingw-readline=affected, |ingw32-readline=notaffected
                   |epel-5/mingw32-readline=not |,fedora-all/mingw-readline=
                   |affected,rhel-6/mingw32-rea |affected,epel-5/mingw32-rea
                   |dline=notaffected           |dline=notaffected
        Last Closed|                            |2014-05-21 09:43:26



--- Comment #6 from Tomas Hoger <[email protected]> ---
Insecure temporary issue is in the debugging / tracing code.  This code is not
used by readline or any other application in Red Hat Enterprise Linux.  Tracing
functions are defined in a private header file and are only meant for readline
library internal use.

Statement:

The Red Hat Security Response Team has rated this issue as having Low security
impact. This issue is not currently planned to be addressed in future updates.
For additional information, refer to the Issue Severity Classification:
https://access.redhat.com/security/updates/classification/.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug 
https://bugzilla.redhat.com/token.cgi?t=wEprTjgLim&a=cc_unsubscribe
_______________________________________________
mingw mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/mingw

Reply via email to