On 22/02/2013 20:26, Jakub Wilk wrote:
> * Giulio Paci <giuliop...@gmail.com>, 2013-02-20, 20:46:
>>>>>>> As far as I can see, src/test/fst_test.h creates temporary files
>>>>>>> insecurely.
>>>>>> Relevant applications are now using private directory to store temporary
>>>>>> files. As far as I can see, this solves the issue.
>>>>> It solves it for Debian, but the problem should be fixed upstream as
>>>>> well. Please notify them about the bug, if you haven't already.
>>>> I already forwarded the patch.
>>> I'm confused. Which patch exactly did you forward?
>> I was referring to 1004_set_tmpdir_default_to_TMPDIR.patch.
>
> Yup, but that doesn't fix the security hole; it merely allows those who are
> aware of it to work around it.

Ok, I just re-read the email I sent upstream with the patches and it described the problem in the Debian context.
I just sent another email further explaining the issue and pointing out it is a general issue.
In this email I also proposed to fix the issue by setting TMPDIR inside the test scripts.

Bests,
Giulio.
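
An added sketch of the "set TMPDIR inside the test scripts" approach mentioned in the thread; it is not part of the original messages or of upstream's code. The function name and the "fst-test" directory prefix are hypothetical, and it assumes the test programs honour TMPDIR, as the patch name suggests.

```sh
#!/bin/sh
# Added example (hypothetical helper, not upstream code): run a test command
# with TMPDIR pointing at a private, per-run directory instead of shared /tmp.

run_with_private_tmpdir() {
    # mktemp -d atomically creates a mode-0700 directory with an unpredictable
    # name, so another local user cannot pre-create it or plant a symlink
    # where the test will later write a fixed-name file.
    _priv=$(mktemp -d "${TMPDIR:-/tmp}/fst-test.XXXXXXXXXX") || return 1

    # Defensive check: continue only if we own the directory and nobody else
    # has any access to it.
    if [ ! -O "$_priv" ] ||
       [ "$(ls -ld "$_priv" | cut -c1-10)" != "drwx------" ]; then
        rm -rf -- "$_priv"
        return 1
    fi

    # Run the command in a subshell so the TMPDIR override does not leak
    # into the calling script.
    _status=0
    ( TMPDIR=$_priv; export TMPDIR; "$@" ) || _status=$?

    # Remove the private directory and everything the test left in it,
    # then report the test's own exit status.
    rm -rf -- "$_priv"
    return "$_status"
}

# Stand-alone usage: sh this_script.sh ./some_test_binary
if [ "$#" -gt 0 ]; then
    run_with_private_tmpdir "$@"
fi
```
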