Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Cyril Brulebois
kibi at debian.org
Sun May 6 20:48:45 UTC 2012
Hi,
(strange to see your mail target the bug report and no-one else; Cc
added manually.)
gregor herrmann <gregoa at debian.org> (06/05/2012):
> Attached is a backport of the fix for squeeze; reviews welcome.
>
> Dear security and release teams: Please advise on how to proceed;
> does s-p-u sound right for this isse?
I'm happy to take it for s-p-u, but the merge window is supposed to
close this weekend. Given the fix looks pretty straightforward, I think
I'd take it even if that's a little late. Adam, do you concur?
(No error handling when doing I/O? Bad. But oh well, using tempfile
makes it look better anyway.)
Mraw,
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20120506/92593908/attachment.pgp>
More information about the pkg-perl-maintainers
mailing list