* Giulio Paci <giuliop...@gmail.com>, 2013-02-20, 20:46:
As far as I can see, src/test/fst_test.h creates temporary files
insecurely.
Relevant applications are now using private directory to store
temporary files. As far as I can see, this solves the issue.
It solves it for Debian, but the problem should be fixed upstream as
well. Please notify them about the bug, if you haven't already.
I already forwarded the patch.
I'm confused. Which patch exactly did you forward?
I was referring to 1004_set_tmpdir_default_to_TMPDIR.patch.
Yup, but that doesn't fix the security hole; it merely allows those who
are aware of it to work around it.
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130222192657.gc1...@jwilk.net
