Hi Steve, On Sun, Sep 14, 2008 at 12:40:57PM -0700, Steve Langasek wrote: > On Sun, Sep 14, 2008 at 01:05:08PM +0200, Jan Hauke Rahm wrote: > > in your script "Tools/faqwiz/move-faqwiz.sh" you use $RANDOM to create a > > temporary file. This is very unsecure and should be replaced by mktemp. > > But it's an example. Security is not compromised by "using" this package, > only by blindly running scripts located under > /usr/share/doc/python2.4/examples...
That's true but I think Debian should never release files with known security issue, neither in direct use, nor as example script. Maybe severity was set too high, but I think this is a bug and should be solved. For my part after release if such fixes are not accepted during freeze... Cheers, Hauke
signature.asc
Description: Digital signature
