Bug 863744 (CVE-2014-1934) - VUL-1: CVE-2014-1934: python-eyeD3: insecure use of /tmp
Status: RESOLVED FIXED
Alias: CVE-2014-1934
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low; Severity: Minor
Target Milestone: ---
Deadline: 2014-06-04
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: CVSSv2:RedHat:CVE-2014-1934:2.1:(AV:L...
Reported: 2014-02-13 10:15 UTC by Alexander Bergmann
Modified: 2019-08-30 14:49 UTC

Found By: Security Response Team
Description Alexander Bergmann 2014-02-13 10:15:25 UTC
Jakub Wilk reported a problem with python-eyeD3 on the Debian Bug Tracking system. eyeD3/tag.py creates temporary files in an insecure way.

CVE-2014-1934 was assigned to this issue.

References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062
https://bugzilla.redhat.com/show_bug.cgi?id=1063671
Comment 1 Swamp Workflow Management 2014-02-13 23:00:24 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2014-02-20 10:32:59 UTC
The SWAMPID for this issue is 56330.
This issue was rated as low.
Please submit fixed packages until 2014-03-20.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 3 SMASH SMASH 2014-02-20 10:35:16 UTC
Affected packages:

SLE-11-SP3: python-eyeD3
Comment 5 Swamp Workflow Management 2014-04-28 10:16:33 UTC
The SWAMPID for this issue is 57128.
This issue was rated as low.
Please submit fixed packages until 2014-05-26.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 6 Bernhard Wiedemann 2014-04-28 16:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (863744) was mentioned in
https://build.opensuse.org/request/show/231925 Factory / python-eyeD3
Comment 7 Bernhard Wiedemann 2014-04-29 19:00:20 UTC
This is an autogenerated message for OBS integration:
This bug (863744) was mentioned in
https://build.opensuse.org/request/show/232098 13.1 / python-eyeD3
Comment 8 Jan Matejek 2014-04-30 10:47:12 UTC
fixed where relevant, handing over to security
Comment 9 Bernhard Wiedemann 2014-04-30 12:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (863744) was mentioned in
https://build.opensuse.org/request/show/232188 12.3 / python-eyeD3
Comment 11 Alexander Bergmann 2014-05-02 16:06:56 UTC
Closing bug.
Comment 12 Swamp Workflow Management 2014-05-07 12:12:07 UTC
The SWAMPID for this issue is 57241.
This issue was rated as low.
Please submit fixed packages until 2014-06-04.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 13 Swamp Workflow Management 2014-05-07 16:04:22 UTC
openSUSE-SU-2014:0619-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 863744
CVE References: CVE-2014-1934
Sources used:
openSUSE 12.3 (src):    python-eyeD3-0.6.18-5.4.1
Comment 14 Swamp Workflow Management 2014-05-07 16:04:37 UTC
openSUSE-SU-2014:0620-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 863744
CVE References: CVE-2014-1934
Sources used:
openSUSE 13.1 (src):    python-eyeD3-0.7.3-3.4.1