TEMP-0000000-CDF09E

Name: TEMP-0000000-CDF09E
Description: TOCTOU race when expanding JAR files
Source: Automatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libbluray (PTS) | bullseye | 1:1.2.1-4+deb11u2 | fixed |
| | sid, trixie, bookworm | 1:1.3.4-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libbluray | source | (unstable) | 0.7.0-1 | unimportant | | |

Notes

CVE Request: https://www.openwall.com/lists/oss-security/2015/02/06/9
https://bugzilla.redhat.com/show_bug.cgi?id=959433
libbluray is only in wheezy and later and the issue is neutered by the kernel hardening for /tmp
Affected code removed in 0.7.0-1
