Hi, On Mon, 2011-12-19 at 17:19 +0100, Nico Golde wrote: > it was discovered that python-virtualenv is handling /tmp files in an > insecure manner. > The following patch fixed this problem: > https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5
I noticed that an upload which appears to fix this issue (although without reference the bug number) has appeared in p-u-NEW. Whilst that's an admirable turn-around :-) it really should have been discussed with the SRMs first, rather than simply uploading (I believe this is well documented enough by now - if not, please point out where and how we could make it clearer). Looking at the diff, and the equivalent code in the unstable package, there seems to be a missing component - namely, that the directory created via mkdtemp() is never cleaned up. Am I missing something, or does fixing this issue result in orphaned temporary directories? Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
