[Pkg-javascript-devel] Bug#715325: Bug#715325: npm: leaves lots of stuff in /tmp
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jul 10 16:17:09 UTC 2013
On 07/10/2013 12:11 PM, Jérémy Lal wrote:
> The security issue is fixed there :
> https://github.com/isaacs/npm/commit/f4d31693
>
> this will eventually come to npm debian package.
Thanks for the followup on this, jérémy!
I confess i'm kind of amazed that node doesn't have any primitive like
mkstemp(3), or if it does, that npm isn't using such a primitive.
Has a CVE been requested or assigned for this yet? I'd be happy to make
the request if you think that would be useful.
regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20130710/6d5fe40b/attachment.sig>
More information about the Pkg-javascript-devel
mailing list