Thanks for getting these prepared!  Two observations:

- the packaging uses "dpatch", so the patch needs to be re-worked to
create a patch in debian/patches and update the 00list file.

- the fix isn't a full fix.  I would have expected either the use of
"mkstemp" or at least "umask" for the file creation, instead of only
"mktmpnam", which isn't fully safe.  (Perhaps there is something I don't
know about that made Debian choose this less secure solution.)  It
_is_ much safer than the prior code, though.  :)

Thanks!

** Changed in: gsambad (Ubuntu Feisty)
     Assignee: (unassigned) => Michael Bienia
       Status: Confirmed => In Progress

** Changed in: gsambad (Ubuntu Edgy)
     Assignee: (unassigned) => Michael Bienia
       Status: Confirmed => In Progress

-- 
[CVE-2007-2838] Unsafe tmp file usage
https://bugs.launchpad.net/bugs/124629
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs