Bug#635849: debianutils: tempfile security exposure with TMPFILE environment variable

2011-09-04 Thread Michael Gilbert
On Sun, 4 Sep 2011 19:26:47 -0500 Jonathan Nieder wrote: > (-cc: bug#640389; +cc: bug#635849) > > Michael Gilbert wrote: > > Jonathan Nieder wrote: > > >> [1] The crux in bug #635849 is that if the user is allowed to > >> influence TMPDIR or the template argument then the filename returned > >>

Bug#635849: debianutils: tempfile security exposure with TMPFILE environment variable

2011-09-04 Thread Jonathan Nieder
Jonathan Nieder wrote: > The underescaping is the original (and only) bug. I forgot to say: thanks for fixing the security-relevant symptom in the archive so quickly!

Bug#635849: debianutils: tempfile security exposure with TMPFILE environment variable

2011-09-04 Thread Jonathan Nieder
(-cc: bug#640389; +cc: bug#635849) Michael Gilbert wrote: > Jonathan Nieder wrote: >> [1] The crux in bug #635849 is that if the user is allowed to >> influence TMPDIR or the template argument then the filename returned >> by tempfile and mktemp cannot be trusted not to contain shell >> metachara