Package: python-numpy
Version: 1:1.7.1-3
Severity: important
Tags: security

numpy/f2py/__init__.py contains this code:

     from numpy.distutils.exec_command import exec_command
     import tempfile
     if source_fn is None:
         fname = os.path.join(tempfile.mktemp()+'.f')
     else:
         fname = source_fn

     f = open(fname,'w')

From the tempfile.mktemp() docstring: “This function is unsafe and should not be used. The file name refers to a file that did not exist at some point, but by the time you get around to creating it, someone else may have beaten you to the punch.”

(There are other calls to tempfile.mktemp() in the numpy codebase, but I haven't checked them.)

--
Jakub Wilk
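
The gap described in the docstring, replayed inside a private directory, next to a form that closes it with tempfile.mkstemp(). This is an added example, not code from the report or from numpy; open_source_file, open_exclusive, demo and all file names are hypothetical.

```python
import os
import stat
import tempfile


def open_source_file(source_fn=None, tmpdir=None):
    """Hardened form: mkstemp() chooses the name and creates the file in one
    step (O_CREAT | O_EXCL, mode 0600), so no gap exists for another process."""
    if source_fn is not None:
        return open(source_fn, "w"), source_fn
    fd, fname = tempfile.mkstemp(suffix=".f", dir=tmpdir)
    return os.fdopen(fd, "w"), fname


def open_exclusive(fname):
    """The per-name check mkstemp() relies on: fail if the name already exists."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.fdopen(os.open(fname, flags, 0o600), "w")


def demo():
    """Replay the gap inside a private directory; all names are constructed."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        existing = os.path.join(d, "unrelated_file")
        with open(existing, "w") as f:
            f.write("original")
        name = os.path.join(d, "tmpEXAMPLE.f")  # stands in for mktemp()+'.f'
        os.symlink(existing, name)  # the name gets taken before open() runs

        with open(name, "w") as f:  # pattern from the report
            f.write("      end\n")
        with open(existing) as f:
            out["plain_open_wrote_through"] = f.read() == "      end\n"

        try:
            open_exclusive(name).close()
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True

        f, path = open_source_file(tmpdir=d)
        with f:
            f.write("      end\n")
        out["suffix"] = path.endswith(".f")
        out["mode"] = stat.S_IMODE(os.stat(path).st_mode)
    return out
```

demo() returns a dict: the plain open() writes through the pre-existing name into the unrelated file, the exclusive open raises FileExistsError, and the mkstemp()-created file carries the '.f' suffix with no group or other permissions.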
