Bug 13081 - perltidy new security issue CVE-2014-2277
Summary: perltidy new security issue CVE-2014-2277
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/591680/
Whiteboard: MGA3TOO has_procedure MGA4-32-OK MGA4...
Keywords: validated_update
Depends on:
Blocks:
Reported: 2014-03-24 19:21 CET by David Walser
Modified: 2014-03-31 23:17 CEST (History)
6 users

See Also:
Source RPM: perltidy-20121207.0.0-2.mga3.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2014-03-24 19:21:22 CET
Fedora has issued an advisory on March 15:
https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html

The RedHat bug contains a link to a patch:
https://bugzilla.redhat.com/show_bug.cgi?id=1074720

Reproducible: 

Steps to Reproduce:
David Walser 2014-03-24 19:21:28 CET

Whiteboard: (none) => MGA4TOO, MGA3TOO

Comment 1 Jerome Quelin 2014-03-25 10:48:54 CET
Fixed in cauldron, package submitted & built for mga3 and mga4.
It's difficult to provide a test case, since it's basically a race condition that has been fixed.

Advisory:
==================================
perltidy's make_temporary_filename() function insecurely created temporary files via the use of the tmpnam() function. A local attacker could use this flaw to perform a symbolic link attack.
==================================

List of rpms/srpms:
- perltidy-20121207.0.0-3.1.mga4.noarch.rpm
- perltidy-20121207.0.0-3.1.mga4.src.rpm

- perltidy-20121207.0.0-2.1.mga3.noarch.rpm
- perltidy-20121207.0.0-2.1.mga3.src.rpm

Please test & push.

CC: (none) => jquelin
Assignee: jquelin => qa-bugs

Comment 2 David Walser 2014-03-25 11:19:32 CET
Thanks Jerome!

Advisory:
==================================

Updated perltidy package fixes security vulnerability:

perltidy's make_temporary_filename() function insecurely created temporary
files via the use of the tmpnam() function. A local attacker could use this
flaw to perform a symbolic link attack (CVE-2014-2277).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2277
https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html

Version: Cauldron => 4
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
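As an added illustration that is neither perltidy's own code nor the patch linked above, here is the unsafe tmpnam() pattern the advisory describes next to two hardened replacements in Perl. The sub names are hypothetical; File::Temp is the standard fix for this bug class, not necessarily the exact change upstream made.

```perl
# Added example, not perltidy's own code: the unsafe temp-file pattern the
# advisory describes next to two hardened replacements. All sub names here
# are hypothetical; make_temporary_filename() and tmpnam() are the advisory's.
use strict;
use warnings;
use Errno qw(EEXIST);
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;
use File::Temp qw(tempfile);
use POSIX ();

# Unsafe (CVE-2014-2277 pattern): tmpnam() only returns a predictable name and
# creates nothing, so open() is a separate step. If another local user has
# already planted a symlink at that name, open() follows it and the write lands
# wherever the link points. POSIX::tmpnam() was removed in Perl 5.26, so this
# sub dies there at runtime.
sub unsafe_temp_file {
    my $name = POSIX::tmpnam();
    open(my $fh, '>', $name) or die "open $name: $!";
    return ($fh, $name);
}

# Hardened by hand: name and create in one atomic sysopen() with O_CREAT|O_EXCL
# and mode 0600. Anything already at the path, file or symlink, makes the call
# fail with EEXIST instead of being followed; we then try another random name.
sub exclusive_temp_file {
    my $dir = File::Spec->tmpdir();
    for (1 .. 100) {
        my $name = File::Spec->catfile($dir, sprintf('perltidy_%08x', int rand 0xFFFFFFFF));
        my $fh;
        return ($fh, $name)
            if sysopen($fh, $name, O_WRONLY | O_CREAT | O_EXCL, 0600);
        die "cannot create $name: $!" unless $! == EEXIST;
    }
    die "too many temp-file collisions in $dir";
}

# Preferred: File::Temp does the same O_EXCL create with a longer random
# suffix and removes the file at exit.
sub safe_temp_file {
    my ($fh, $name) = tempfile('perltidy_XXXXXXXX', TMPDIR => 1, UNLINK => 1);
    return ($fh, $name);
}

my ($fh, $name) = safe_temp_file();
print $fh "# tidy me\n";
close $fh or die "close $name: $!";
# lstat, not stat, so a symlink would show up as such rather than as its target
my $mode = (lstat $name)[2] & 07777;
printf "%s: %s, mode %04o\n", $name, (-l _ ? 'SYMLINK' : 'regular file'), $mode;
```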

Comment 3 Carolyn Rowse 2014-03-25 20:21:51 CET
Here's a link to a tutorial on perltidy:

http://perltidy.sourceforge.net/tutorial.html

I'll test it myself today or tomorrow hopefully, if real life gets in the way I'll let you know.

Carolyn

CC: (none) => cmrisolde
Whiteboard: MGA3TOO => MGA3TOO has_procedure

Comment 4 Carolyn Rowse 2014-03-26 20:04:03 CET
Mga4 32-bit fine.

Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure MGA4-32-OK

Comment 5 Carolyn Rowse 2014-03-26 20:18:18 CET
Mga3 32-bit fine.

Please could someone do the 64-bit tests.

Thanks.

Carolyn

Whiteboard: MGA3TOO has_procedure MGA4-32-OK => MGA3TOO has_procedure MGA4-32-OK MGA3-32-OK

Comment 6 William Kenney 2014-03-27 18:32:14 CET
In VirtualBox, M3, KDE, 64-bit

Package(s) under test:
perltidy

default install of perltidy

[root@localhost wilcal]# urpmi perltidy
Package perltidy-20121207.0.0-2.mga3.noarch is already installed

Yup, perltidy tidies up the test .pl file

install perltidy from updates_testing

[root@localhost wilcal]# urpmi perltidy
Package perltidy-20121207.0.0-2.1.mga3.noarch is already installed

Yup, perltidy is still tidying up the test .pl file

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
VirtualBox 4.3.6-1.mga4.x86_64.rpm

CC: (none) => wilcal.int
Whiteboard: MGA3TOO has_procedure MGA4-32-OK MGA3-32-OK => MGA3TOO has_procedure MGA4-32-OK MGA3-64-OK MGA3-32-OK

Comment 7 William Kenney 2014-03-27 18:55:11 CET
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
perltidy

default install of perltidy

[root@localhost wilcal]# urpmi perltidy
Package perltidy-20121207.0.0-3.mga4.noarch is already installed

Yup, perltidy tidies up the test .pl file

install perltidy from updates_testing

[root@localhost wilcal]# urpmi perltidy
Package perltidy-20121207.0.0-3.1.mga4.noarch is already installed

Yup, perltidy is still tidying up the test .pl file

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
VirtualBox 4.3.6-1.mga4.x86_64.rpm

Whiteboard: MGA3TOO has_procedure MGA4-32-OK MGA3-64-OK MGA3-32-OK => MGA3TOO has_procedure MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK

Comment 8 William Kenney 2014-03-27 18:56:23 CET
For me this update works fine.
Testing complete for mga3 32-bit & 64-bit
Testing complete for mga4 32-bit & 64-bit
If everybody is happy could someone from the sysadmin team push this to updates. Thanks.
William Kenney 2014-03-27 20:35:35 CET

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 9 Pascal Terjan 2014-03-31 21:50:32 CEST
There is no advisory in svn

CC: (none) => pterjan

Comment 10 Dave Hodgins 2014-03-31 22:09:46 CEST
Advisory committed to svn.

CC: (none) => davidwhodgins
Whiteboard: MGA3TOO has_procedure MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK => MGA3TOO has_procedure MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK advisory

Comment 11 Pascal Terjan 2014-03-31 23:17:14 CEST
http://advisories.mageia.org/MGASA-2014-0147.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

