bug-texinfo
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

temporary file race in texindex (was: CAN number)


From: Frank Küster
Subject: temporary file race in texindex (was: CAN number)
Date: Wed, 28 Sep 2005 16:11:48 +0200
User-agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.4 (gnu/linux)

Martin Pitt <address@hidden> wrote:

> Hi!
>
> This has been assigned CAN-2005-3011, please mention this number in
> the changelog when you fix this to allow easy tracking.

The current version, 4.8, is as well vulnerable:

address@hidden:~$ diff -u 
src/packages_for_sponsoring/texinfo-4.{7,8}/util/texindex.c 
--- src/packages_for_sponsoring/texinfo-4.7/util/texindex.c     2004-03-18 
23:26:53.000000000 +0100
+++ src/packages_for_sponsoring/texinfo-4.8/util/texindex.c     2004-04-11 
19:56:47.000000000 +0200
@@ -1,5 +1,5 @@
 /* texindex -- sort TeX index dribble output into an actual index.
-   $Id: texindex.c,v 1.3 2004/03/18 22:26:53 karl Exp $
+   $Id: texindex.c,v 1.11 2004/04/11 17:56:47 karl Exp $
 
    Copyright (C) 1987, 1991, 1992, 1996, 1997, 1998, 1999, 2000, 2001,
    2002, 2003, 2004 Free Software Foundation, Inc.

I have no idea whether and how I can (request to) change the info in the CVE 
database.

Regards, Frank

P.S. Frank, since you seem to be working on the source code of 4.7,
maybe you want to join the discussion in #320413 about taking over the
package from Josip, who seems to be MIA.
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer





reply via email to

[Prev in Thread] Current Thread [Next in Thread]