Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

gregor herrmann gregoa at debian.org
Mon May 7 14:52:02 UTC 2012


On Mon, 07 May 2012 00:04:35 +0200, Cyril Brulebois wrote:

> > > Specifically, a loss of error handling. […]
> > Hm, good catch.
> > Maybe it's better to give this a second look ...
> Given the above, it very much looks like fixing that bug properly in
> unstable first (which is what we encourage all the time anyway), taking
> some time to think about it, would be better than hurrying up.

Agreed.
Thanks for taking the time to review the diff and point out this
issue!
 
I've now opened an upstream ticket:
https://rt.cpan.org/Ticket/Display.html?id=77039

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Bruce Springsteen: Waitin' on a Sunny Day
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20120507/65e1affc/attachment.pgp>


More information about the pkg-perl-maintainers mailing list