This queue is for tickets about the Batch-Batchrun CPAN distribution.

Report information

The Basics
Id: 69594
Status: new
Priority: Low/Low

People
Owner: Nobody in particular
Requestors: john [...] nixnuts.net
Cc:
AdminCc:

BugTracker
Severity: Important
Broken in: 1.03
Fixed in: (no value)



Subject: Unsafe /tmp file usage
In Batch::Batchrun::Dbfunctions::command_sqlplus()

    $tmpfile = '/tmp/'.$$.'sqlplus.sql';
    open ( CMDFILE, ">$tmpfile" ) or die "** cant open $tmpfile because $!";
    ...etc...

There are a variety of ways to abuse this. Assuming this module is still being used, it should switch to File::Temp::tempfile().
This bug has been assigned CVE-2011-4117.
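
The switch to File::Temp::tempfile() suggested in the ticket, shown as an added example that is not part of the ticket or of Batch::Batchrun's own code. The helper name write_sql_tempfile, the filename template and the sample SQL are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);
use File::Spec;

# Pattern reported in the ticket, for contrast (name is predictable from the
# PID, and open(">...") follows and truncates whatever already has that name):
#   $tmpfile = '/tmp/'.$$.'sqlplus.sql';
#   open ( CMDFILE, ">$tmpfile" ) or die ...;

# Hypothetical helper (not from Batch::Batchrun): write SQL text to a
# temporary file whose name is random and whose creation is exclusive.
sub write_sql_tempfile {
    my ($sql) = @_;

    # tempfile() creates the file with O_CREAT|O_EXCL and mode 0600, so the
    # open fails if the name already exists instead of reusing it, and other
    # local users cannot read or modify the contents.
    my ($fh, $path) = tempfile(
        'sqlplus_XXXXXXXX',               # X's are replaced with random chars
        DIR    => File::Spec->tmpdir,     # honours TMPDIR, falls back to /tmp
        SUFFIX => '.sql',
        UNLINK => 1,                      # file is removed at program exit
    );

    print {$fh} $sql or die "cannot write $path: $!";
    close $fh        or die "cannot close $path: $!";
    return $path;
}

# Constructed sample input.
my $path = write_sql_tempfile("select sysdate from dual;\nexit;\n");

# Confirm what was created: a regular file, owner-only permissions.
my @st = stat $path or die "cannot stat $path: $!";
die "$path is not a regular file" unless -f _;
printf "created %s with mode %04o\n", $path, $st[2] & 07777;
```

The returned path can be handed to the external command in place of the hard-coded /tmp name; the file is cleaned up when the calling program exits.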

