Bug#911969: devscripts: more bad signal handling leading to insecure use of /tmp

2018-11-06 Thread Jakub Wilk
* Mattia Rizzolo, 2018-11-06, 20:58:
> I'd appreciate if you could have a look at my commit and tell me if you see anything off.

It looks good to me.

-- 
Jakub Wilk

Bug#911969: devscripts: more bad signal handling leading to insecure use of /tmp

2018-11-06 Thread Mattia Rizzolo
user devscri...@packages.debian.org
usertags 911969 cvs-deb cvs-debrelease deb-reversion debsign dscextract getbuildlog mergechanges pts-subscribe wnpp-alert wnpp-check
thanks

Hi,

On Fri, Oct 26, 2018 at 08:54:36PM +0200, Jakub Wilk wrote:
> I've found quite a few bugs similar to #911720 in devs

Bug#911969: devscripts: more bad signal handling leading to insecure use of /tmp

2018-10-26 Thread Jakub Wilk
Package: devscripts
Version: 2.18.7
Tags: security

I've found quite a few bugs similar to #911720 in devscripts codebase. Here are excerpts of buggy code (with boring parts omitted):

* cvs-debi, cvs-debrelease:

    TEMPDIR=$(mktemp -dt cvs-debi.) || ...
    TEMPFILE=$TEMPDIR/cl-tmp
    trap