Bug#855142: marked as done (tmpfile are not random)

Wed, 15 Feb 2017 02:03:57 -0800 

Your message dated Wed, 15 Feb 2017 11:01:10 +0100
with message-id 
<CAE2SPAa9qcJjLXJmS0Y8hX6PK6OGHHLesFQQqN33Oz96e=r...@mail.gmail.com>
and subject line Re: Bug#855142: Acknowledgement (tmpfile are not random)
has caused the Debian Bug report #855142,
regarding tmpfile are not random
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
855142: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: src:pdfsandwich
version: 0.1.6-1
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org

Hi,

pdfsandwish use totally previsible file name like
/tmp/pdfsandwich_inputfileea1150.pdf[11]

Security team could you open a CVE ?

Upsteam should use for instance a tmpname subdirectory

Bastien

--- End Message ---
--- Begin Message --- 
Close for now but will investigate ocaml tempfile method. Integer is
only 5 digits seems strange

On Tue, Feb 14, 2017 at 5:27 PM, Debian Bug Tracking System
<ow...@bugs.debian.org> wrote:
> Thank you for filing a new Bug report with Debian.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> As you requested using X-Debbugs-CC, your message was also forwarded to
>   secure-testing-t...@lists.alioth.debian.org
> (after having been given a Bug report number, if it did not have one).
>
> Your message has been sent to the package maintainer(s):
>  Tobias Frost <t...@debian.org>
>
> If you wish to submit further information on this problem, please
> send it to 855...@bugs.debian.org.
>
> Please do not send mail to ow...@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
>
> --
> 855142: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855142
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems

--- End Message ---

Reply via email to