On Sun, 2011-12-11 at 18:02 +0000, Adam D. Barratt wrote: > On Sun, 2011-12-04 at 17:26 +0000, Adam D. Barratt wrote: > > On Thu, 2011-12-01 at 20:17 +0000, Adam D. Barratt wrote: > > > On Fri, 2011-11-25 at 14:58 +0100, Didier Raboud wrote: > > > > * Fix CVE-2011-2722 "Insecure tempfile handling" by patching the > > > > culprit > > > > code out. (Closes: #635549) > > > > > > I'm assuming the debug code isn't likely to be used that often? The > > > upstream bug (<URL:https://bugs.launchpad.net/hplip/+bug/809904>) > > > implies that they were looking at replacing the code with a mkstemp() > > > call, rather than removing it. If it's basically unused then patching > > > it out should be okay though. > > > > fwiw, the above wasn't a rhetorical question. I was anticipating that > > the next action would have been a reply, not an upload... > > Having said that, a reply wouldn't be unwelcome...
Reply came there none. Given that the affected code hasn't re-appeared in unstable, I've flagged the upload for acceptance, but for the record I'm somewhat unimpressed by the lack of response to any of my queries. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
