* Norbert Preining:
+ fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0666);
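Review bot: on the added open() call, the mode argument 0666 leaves the new file's permissions to the process umask, so under a umask of 022 the temporary index data is created world-readable; passing 0600 keeps it owner-only whatever the umask is. Separately, O_CREAT|O_EXCL makes open() fail with EEXIST when the name is already taken, so fd has to be checked for -1 before it is written to; that check is not visible in the quoted line.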
0600? 0666 might lead to an information leak.
@@ -1615,14 +1626,15 @@
/* Return a newly-allocated string concatenating S1 and S2. */
This comment is outdated after the patch.
--
To UNSUBSCRIBE, email to [EMAIL
Karl?
Your cvs also shows 0666. I guess 0600 would be ok.
On Wed, 05 Oct 2005, Florian Weimer wrote:
* Norbert Preining:
+ fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0666);
0600? 0666 might lead to an information leak.
@@ -1615,14 +1626,15 @@
/* Return a newly-allocated string
0600? 0666 might lead to an information leak.
Thanks, changed.
This comment is outdated after the patch.
Right. I fixed that comment and a couple other minor things when I applied.
Thanks,
Karl
On Fri, 30 Sep 2005, Karl Berry wrote:
I've adapted the OpenBSD stuff and created a patch. Maybe
you want to look at it if this works.
Thanks for doing this.
In general, the OpenBSD code seems to be a couple versions back, as it
has K&R function definitions and omits a couple other
In fact the patch seems to be against texinfo-4.8, the last released
version of texinfo.
Well, the patch applies, but that's not what I was saying.
One question: For the upcoming texinfo-4.8 package in Debian, can I use
the patch of Henry, Karl?
It's up to you, but I don't
On Sun, 02 Oct 2005, Karl Berry wrote:
It's up to you, but I don't advise it. It reverts many declarations to
K&R form (i.e., a much older texindex.c). Aside from that, it also
reverts at least one bug fix I made regarding initials (years ago).
Perhaps you or someone could work on just
Can you please comment on my first try on this, attached.
That looks just fine. I'll apply it later today or tomorrow. Thanks
Norbert!
Hello,
I've adapted the OpenBSD stuff and created a patch. Maybe
you want to look at it if this works.
Regards,
Henry
texindex-racecondition.patch
Description: Binary data
I've adapted the OpenBSD stuff and created a patch. Maybe
you want to look at it if this works.
Thanks for doing this.
In general, the OpenBSD code seems to be a couple versions back, as it
has K&R function definitions and omits a couple other changes I made
(quite) a while ago.
I wonder
Martin Pitt [EMAIL PROTECTED] wrote:
Hi!
This has been assigned CAN-2005-3011, please mention this number in
the changelog when you fix this to allow easy tracking.
The current version, 4.8, is as well vulnerable:
[EMAIL PROTECTED]:~$ diff -u
Hi Frank!
Frank Küster [2005-09-28 16:11 +0200]:
The current version, 4.8, is as well vulnerable:
[EMAIL PROTECTED]:~$ diff -u
src/packages_for_sponsoring/texinfo-4.{7,8}/util/texindex.c
--- src/packages_for_sponsoring/texinfo-4.7/util/texindex.c 2004-03-18
23:26:53.0 +0100
On Wed, Sep 28, 2005 at 04:11:48PM +0200, Frank Küster wrote:
P.S. Frank, since you seem to be working on the source code of 4.7,
maybe you want to join the discussion in #320413 about taking over the
package from Josip, who seems to be MIA.
All my involvements with texinfo were either from
This has been assigned CAN-2005-3011, please mention this number in
the changelog when you fix this to allow easy tracking.
Someone, please send me the actual bug report, and (hopefully) a fix.
Thanks,
karl
On Wed, Sep 28, 2005 at 10:58:51AM -0500, Karl Berry wrote:
This has been assigned CAN-2005-3011, please mention this number in
the changelog when you fix this to allow easy tracking.
Someone, please send me the actual bug report, and (hopefully) a fix.
See
[EMAIL PROTECTED] (Karl Berry) wrote:
This has been assigned CAN-2005-3011, please mention this number in
the changelog when you fix this to allow easy tracking.
Someone, please send me the actual bug report, and (hopefully) a fix.
Karl, I forgot to ask you what happened to
[EMAIL PROTECTED] (Karl Berry) wrote:
This has been assigned CAN-2005-3011, please mention this number in
the changelog when you fix this to allow easy tracking.
Someone, please send me the actual bug report, and (hopefully) a fix.
Excuse me - any Debian bug report can be accessed
It increased its revision control version number from 1.3 to 1.11,
but there are no changes - have they all been reverted?
There were no changes to texindex.c. The $Id$ change isn't meaningful
-- it happened because of temporarily moving Texinfo to berlios (because
savannah was dead for
Package: texinfo
Version: 4.7-2.2
Severity: important
Tags: security
There is a race condition on creating temporary files in texindex.
The following function generates the name of the temporary file:
static char *
maketempname (int count)
{
static char *tempbase = NULL;
char tempsuffix[10];
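The two points raised in this thread (the temporary-file race in the bug report, and mode 0600 rather than 0666 on the O_CREAT|O_EXCL open in the review replies), as an added example that is not taken from the texinfo patch or from any message here. It reports the permission bits each mode yields under an assumed umask of 022 and checks that O_EXCL refuses a name that is already taken or is a planted symlink; the scratch directory and all helper names are constructed for the demo.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path of LEAF in a constructed scratch directory (NULL on failure).
   umask 022 is an assumed, common default. */
static const char *scratch_path (const char *leaf)
{
  static char dir[] = "/tmp/texindex-demo-XXXXXX", path[128];
  static int ready;
  if (!ready && !mkdtemp (dir)) return NULL;
  ready = 1;
  umask (022);
  snprintf (path, sizeof path, "%s/%s", dir, leaf);
  return path;
}

/* Create LEAF with the flags from the patched line; return its permission
   bits, or -1 when open() refuses (e.g. EEXIST, the name is taken). */
int created_mode (const char *leaf, mode_t mode)
{
  const char *p = scratch_path (leaf);
  struct stat st;
  int fd = p ? open (p, O_CREAT | O_EXCL | O_WRONLY, mode) : -1;
  int bits = (fd >= 0 && fstat (fd, &st) == 0) ? (int) (st.st_mode & 0777) : -1;
  if (fd >= 0) close (fd);
  return bits;
}

/* Plant a dangling symlink at LEAF, as someone who predicted the name
   could; return 1 if open() fails with EEXIST and the target stays absent. */
int planted_symlink_refused (const char *leaf)
{
  char target[128];
  const char *p = scratch_path ("victim");
  if (!p) return 0;
  snprintf (target, sizeof target, "%s", p);
  p = scratch_path (leaf);
  if (symlink (target, p) != 0) return 0;
  int fd = open (p, O_CREAT | O_EXCL | O_WRONLY, 0600);
  int err = errno;
  if (fd >= 0) close (fd);
  return fd < 0 && err == EEXIST && access (target, F_OK) != 0;
}
```

Without O_EXCL the same open() would follow the planted link and create or truncate its target, which is the window the bug report describes.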