[Python-modules-team] Bug#652653: python-virtualenv: insecure /tmp file handling
Piotr Ożarowski
piotr at debian.org
Tue Dec 20 08:44:54 UTC 2011
[Adam D. Barratt, 2011-12-19]
> I noticed that an upload which appears to fix this issue (although
> without reference the bug number) has appeared in p-u-NEW. Whilst
sorry, I didn't notice a bug was reported
> that's an admirable turn-around :-) it really should have been discussed
> with the SRMs first, rather than simply uploading (I believe this is
> well documented enough by now - if not, please point out where and how
> we could make it clearer).
ups, I assumed someone from SRMs is in the thread
> Looking at the diff, and the equivalent code in the unstable package,
> there seems to be a missing component - namely, that the directory
> created via mkdtemp() is never cleaned up. Am I missing something, or
> does fixing this issue result in orphaned temporary directories?
the old code didn't do it as well, I can update the patch to remove it
--
Piotr Ożarowski Debian GNU/Linux Developer
www.ozarowski.pl www.griffith.cc www.debian.org
GPG Fingerprint: 1D2F A898 58DA AF62 1786 2DF7 AEF6 F1A2 A745 7645
More information about the Python-modules-team
mailing list