[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: address@hidden: Bug#538330: groff: pdfroff uses (and documents!) ins
From: |
Colin Watson |
Subject: |
Re: address@hidden: Bug#538330: groff: pdfroff uses (and documents!) insecure temporary files] |
Date: |
Sat, 15 Aug 2009 08:54:50 +0100 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Sat, Jul 25, 2009 at 09:30:18AM +0100, Colin Watson wrote:
> See attached report; this is indeed a standard anti-pattern resulting in
> security vulnerabilities. In Debian I'd be rather tempted to use 'mktemp
> -d' to fix this. What do you think?
Nico Golde points out that Openwall have a patch for this. I'm applying
this to the Debian package:
curl -s
'http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff'
| filterdiff -i '*pdfroff*'
Thanks,
--
Colin Watson address@hidden