Back to bug 1031096
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Petr Pisar | 2013-11-19 14:13:11 UTC | Status | NEW | ASSIGNED |
| CC | ppisar | |||
| Petr Pisar | 2013-11-27 10:15:07 UTC | Keywords | Patch | |
| Status | ASSIGNED | POST | ||
| Petr Pisar | 2013-11-27 11:50:14 UTC | Status | POST | MODIFIED |
| Fixed In Version | perl-HTTP-Tiny-0.033-2.el7 | |||
| Doc Text | Cause: Calling mirror() method on HTTP::Tiny Perl object. Consequence: If a file with the same name as an HTTP::Tiny temporary files exists, the file will get overwritten and possibly abused with a symlink attack. If write into a temporary file fails, the error will be silently ignored. Fix: A fix to use exclusive file creation and a fix to throw an exception on write error have been applied to the HTTP::Tiny library. Result: It's not possible to attack the HTTP::Tiny mirror() subroutine with a symlink attack. Any write error is reported by an exception. |
|||
| errata-xmlrpc | 2013-11-27 11:54:51 UTC | Status | MODIFIED | ON_QA |
| Martin Kyral | 2014-04-07 10:19:21 UTC | CC | mkyral | |
| QA Contact | qe-baseos-apps | mkyral | ||
| Martin Kyral | 2014-04-07 13:37:46 UTC | Status | ON_QA | VERIFIED |
| Petr Pisar | 2014-06-12 07:48:26 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | CURRENTRELEASE | ||
| Last Closed | 2014-06-12 03:48:26 UTC |
Back to bug 1031096