[Bug 1077023] CVE-2014-2524 readline: insecure temporary file use in _rl_tropen()

bugzilla at redhat.com
Wed May 21 13:43:26 UTC 2014


https://bugzilla.redhat.com/show_bug.cgi?id=1077023

Tomas Hoger <thoger at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|---                         |WONTFIX
         Whiteboard|impact=low,public=20140314, |impact=low,public=20140314,
                   |reported=20140314,source=os |reported=20140314,source=os
                   |ssec,cvss2=2.1/AV:L/AC:L/Au |ssec,cvss2=2.1/AV:L/AC:L/Au
                   |:N/C:N/I:P/A:N,rhel-5/readl |:N/C:N/I:P/A:N,rhel-5/readl
                   |ine=notaffected,rhel-6/read |ine=notaffected,rhel-6/read
                   |line=affected,rhel-7/readli |line=affected,rhel-7/readli
                   |ne=affected,fedora-all/read |ne=affected,fedora-all/read
                   |line=affected,fedora-all/co |line=affected,fedora-all/co
                   |mpat-readline5=notaffected, |mpat-readline5=notaffected,
                   |rhel-5/compat-readline43=no |rhel-5/compat-readline43=no
                   |taffected,rhel-6/compat-rea |taffected,rhel-6/compat-rea
                   |dline5=notaffected,fedora-a |dline5=notaffected,rhel-6/m
                   |ll/mingw-readline=affected, |ingw32-readline=notaffected
                   |epel-5/mingw32-readline=not |,fedora-all/mingw-readline=
                   |affected,rhel-6/mingw32-rea |affected,epel-5/mingw32-rea
                   |dline=notaffected           |dline=notaffected
        Last Closed|                            |2014-05-21 09:43:26



--- Comment #6 from Tomas Hoger <thoger at redhat.com> ---
The insecure temporary file issue is in the debugging / tracing code.  This code is not
used by readline or any other application in Red Hat Enterprise Linux.  Tracing
functions are defined in a private header file and are only meant for readline
library internal use.

Statement:

The Red Hat Security Response Team has rated this issue as having Low security
impact. This issue is not currently planned to be addressed in future updates.
For additional information, refer to the Issue Severity Classification:
https://access.redhat.com/security/updates/classification/.
