<<< Date Index >>>     <<< Thread Index >>>

Re: [Mutt] #3158: CVE id CAN-2005-2351: less random temp file creation allows DOS

#3158: CVE id CAN-2005-2351: less random temp file creation allows DOS
------------------------------+---------------------------------------------
 Reporter:  antonio@â         |       Owner:  mutt-dev
     Type:  defect            |      Status:  new     
 Priority:  minor             |   Milestone:          
Component:  mutt              |     Version:  1.5.20  
 Keywords:  patch             |  
------------------------------+---------------------------------------------
Changes (by antonio@â):

  * keywords:  => patch
  * version:  1.5.19 => 1.5.20


Comment:

 a very simple patch is attached, it allows a more random creation of
 filenames in $tmpdir, without asking the user to change their setting,
 this patch is included in the Debian release of mutt.

 Given the simplicity of the patch and the fact that it fixes CVE
 CAN-2005-2351 please consider including it in your code; the patch doesn't
 seem to have any drawbacks.

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/3158#comment:2>
Mutt <http://www.mutt.org/>
The Mutt mail user agent