Bug#781123: Looks similar to upstream bug #960

2015-03-25 Thread Vasyl Kaigorodov
. I'm not a CPP guru, but other functions there might suffer from the same issue: junkHandler aviHeaderTagsHandler streamHandler streamDataTagHandler Jakub, did you report this upstream already? Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB

Bug#774769: CVE request: lftp saves unknown host's fingerprint in known_hosts without any prompt

2015-03-12 Thread Vasyl Kaigorodov
https://github.com/lavv17/lftp/commit/bc7b476e782d77839765f56bbdb4cee9f36b54ec References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774769 https://bugzilla.redhat.com/show_bug.cgi?id=1180209 Can a CVE be assigned to this please? Thanks. -- Vasyl Kaigorodov | Red Hat Product Securit

Bug#774669: Directory traversal through symlinks

2015-01-07 Thread Vasyl Kaigorodov
test.cpio dir cpio: dir/file: Cannot open: Permission denied dir/file 1 block Do you think this is a valid case for a CVE? -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828

Bug#772473: xbindkeys-config: Insecure use of temporary files

2014-12-08 Thread Vasyl Kaigorodov
a flaw. What do you think? Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828

Bug#772008: CVE request: mpfr: buffer overflow in mpfr_strtofr

2014-12-08 Thread Vasyl Kaigorodov
eferences: - https://bugzilla.redhat.com/show_bug.cgi?id=1171701 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772008 Can a CVE be assigned to this please? Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828

Bug#760455: CVE request: automake: insecure use of /tmp in install-sh

2014-09-12 Thread Vasyl Kaigorodov
is to create or remove empty directories named "d". (But on modern Linux systems this is mitigated by the protected_symlinks feature.) References: [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760455 [2]: https://bugzilla.redhat.com/show_bug.cgi?id=1140725 [3]: https://bugs.gentoo.org/show_bug.

Bug#754899: CVE request: rawstudio: Insecure use of temporary file

2014-07-16 Thread Vasyl Kaigorodov
en, NULL); ignore = system("dot -Tpng >/tmp/rs-filter-graph.png http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899 https://bugzilla.redhat.com/show_bug.cgi?id=1120093 Thanks. -- Vasyl Kaigorodov | Red Hat Product Security Team PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0

Bug#752395: CVE request: python: _json module is vulnerable to arbitrary process memory read

2014-06-23 Thread Vasyl Kaigorodov
on.org/issue21529 [2] Debian bug tracker: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395 [3] RedHat bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1112285 Thanks. -- Vasyl Kaigorodov | Red Hat Product Security Team PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828