[Python-modules-team] Bug#652653: python-virtualenv: insecure /tmp file handling

Piotr Ożarowski piotr at debian.org
Tue Dec 20 08:44:54 UTC 2011


[Adam D. Barratt, 2011-12-19]
> I noticed that an upload which appears to fix this issue (although
> without reference the bug number) has appeared in p-u-NEW.  Whilst

sorry, I didn't notice a bug was reported

> that's an admirable turn-around :-) it really should have been discussed
> with the SRMs first, rather than simply uploading (I believe this is
> well documented enough by now - if not, please point out where and how
> we could make it clearer).

ups, I assumed someone from SRMs is in the thread

> Looking at the diff, and the equivalent code in the unstable package,
> there seems to be a missing component - namely, that the directory
> created via mkdtemp() is never cleaned up.  Am I missing something, or
> does fixing this issue result in orphaned temporary directories?

the old code didn't do it as well, I can update the patch to remove it
-- 
Piotr Ożarowski                         Debian GNU/Linux Developer
www.ozarowski.pl          www.griffith.cc           www.debian.org
GPG Fingerprint: 1D2F A898 58DA AF62 1786 2DF7 AEF6 F1A2 A745 7645





More information about the Python-modules-team mailing list