Re: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack)

Roman Rakus wrote: > Roman Rakus wrote: >> References: >> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5374 >> http://lists.debian.org/debian-devel/2008/08/msg00347.html >> http://uvw.ru/report.sid.txt >> >> >> >> Attaching patch. Changed to use mktemp. >> RR > Attached a bit improved

Re: wrong PS1 var width calculation

> On Tue, Dec 9, 2008 at 2:32 PM, Cheng Renquan wrote: > > On Tue, Dec 9, 2008 at 11:40 AM, Chet Ramey wrote: > >> Investigate patch 44. It should fix this. > > > > From where? All bash patches are available from ftp.cwru.edu and ftp.gnu.org. Try ftp://ftp.cwru.edu/pub/bash/bash-3.2-patches/.

Re: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack)

Roman Rakus wrote: References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5374 http://lists.debian.org/debian-devel/2008/08/msg00347.html http://uvw.ru/report.sid.txt Attaching patch. Changed to use mktemp. RR Attached a bit improved patch. What do you think about it Chet? RR dif