Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Cyril Brulebois
kibi at debian.org
Sun May 6 22:04:35 UTC 2012
gregor herrmann <gregoa at debian.org> (06/05/2012):
> > Specifically, a loss of error handling. […]
Yeah, my bad. Shouldn't try and mix paracetamol and s-p-u diff reviews…
Sorry about that.
> Hm, good catch.
> (tempfile() indeed just croak()s on errors according to the
> documentation).
>
> Maybe it's better to give this a second look ...
Given the above, it very much looks like fixing that bug properly in
unstable first (which is what we encourage all the time anyway), taking
some time to think about it, would be better than hurrying up.
→ Next point release.
Mraw,
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20120507/2122da64/attachment.pgp>
More information about the pkg-perl-maintainers
mailing list