Skip Menu | will be shut down on March 1st, 2021.

This queue is for tickets about the Batch-Batchrun CPAN distribution.

Report information
The Basics
Id: 69594
Status: new
Priority: 0/
Queue: Batch-Batchrun

Owner: Nobody in particular
Requestors: john [...]

Bug Information
Severity: Important
Broken in: 1.03
Fixed in: (no value)

Subject: Unsafe /tmp file usage
Download (untitled) / with headers
text/plain 305b
In Batch::Batchrun::Dbfunctions::command_sqlplus() $tmpfile = '/tmp/'.$$.'sqlplus.sql'; open ( CMDFILE, ">$tmpfile" ) or die "** cant open $tmpfile because $!"; ...etc... There are a variety of ways to abuse this. Assuming this module is still being used, it should switch to File::Temp::tempfile().
Thia bug has been assigned CVE-2011-4117

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to