Package: xfig
Version: 1:3.2.5.b-1
X-Debbugs-CC: bvsm...@lbl.gov

Hello.

Both the patch found in Debian and the fix in xfig.3.2.5b miss the hunk for u_print.c:

    sprintf(tmp_fig_file, "%s/%s%06d", TMPDIR, "xfig-fig", getpid());

(noticed by Tomas Hoger: https://bugzilla.redhat.com/show_bug.cgi?id=505257#c1) and thus insecure use of temporary files is still possible.

I failed to find a fix and thus I've recreated it from scratch:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-gfx/xfig/files/xfig-3.2.5b-mkstemp.patch?rev=1.1&view=markup

Please check the patch and, if it's correct, apply it both in Debian and upstream.

Thanks,
-- 
Peter.
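Added example (not part of the original report and not the Gentoo patch it links to): the PID-based naming pattern quoted from u_print.c next to a mkstemp()-based replacement. The function names and the tmpdir parameter are assumptions made for this illustration; in xfig, TMPDIR is a macro.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Pattern quoted in the report: the name is fully determined by the PID,
 * so the path is known before the program ever creates the file. */
int predictable_name(char *buf, size_t len, const char *tmpdir)
{
    return snprintf(buf, len, "%s/%s%06d", tmpdir, "xfig-fig", (int)getpid());
}

/* Hardened form (hypothetical helper): mkstemp() replaces the XXXXXX suffix
 * and creates the file with O_EXCL and mode 0600, so a file or symlink that
 * already exists at the chosen name is never reused.
 * Returns an open descriptor, or -1 on error. */
int open_tmp_fig_file(char *buf, size_t len, const char *tmpdir)
{
    int n = snprintf(buf, len, "%s/%sXXXXXX", tmpdir, "xfig-fig");
    if (n < 0 || (size_t)n >= len)
        return -1;              /* template truncated: refuse to continue */
    return mkstemp(buf);        /* buf now holds the real file name */
}

int main(void)
{
    char path[4096];
    const char *env = getenv("TMPDIR");
    const char *tmpdir = env ? env : "/tmp";

    predictable_name(path, sizeof path, tmpdir);
    printf("predictable: %s\n", path);

    int fd = open_tmp_fig_file(path, sizeof path, tmpdir);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("mkstemp:     %s\n", path);
    /* write the figure through fd (or fdopen(fd, "w")), never by re-opening path */
    close(fd);
    unlink(path);
    return 0;
}
```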