FYI, the reporter was mistaken, the upstream bug was NOT public. He
could see it because he reported it. It might as well be now. (I just
removed the security flag from it, so it is indeed public now).
The patch he supplied (while a good start) was stated to be untested,
and we also determined that it did not, in fact, solve the problem
(because it re-opened the file from scratch after creating the secure
temp file, rather than using the handle passed back from File::Temp).
We have an upstream patch ready to go, which was awaiting the 2.16.11
release expected in the next couple weeks. No point in waiting now.
--
Dave Miller http://www.justdave.net/
System Administrator, Mozilla Corporation http://www.mozilla.com/
Project Leader, Bugzilla Bug Tracking System http://www.bugzilla.org/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
