Re: [SRM] devscripts update (#507482)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: debian-release@lists.debian.org, pkg-devscripts <pkg-devscripts@teams.debian.net>
Subject: Re: [SRM] devscripts update (#507482)
From: Philipp Kern <pkern@debian.org>
Date: Fri, 9 Jan 2009 10:18:26 +0100
Message-id: <[🔎] 20090109091826.GA9858@durotan.0x539.de>
In-reply-to: <[🔎] 1231456843.4377.12.camel@kaa.jungle.aubergine.my-net-space.net>
References: <[🔎] 1231456843.4377.12.camel@kaa.jungle.aubergine.my-net-space.net>

On Thu, Jan 08, 2009 at 11:20:43PM +0000, Adam D. Barratt wrote:
> The devscripts package in etch has an insecure temporary directory issue
> when signing files which are copied from a remote machine; see #507482. 
> 
> The security team don't consider this to warrant a DSA - would it be
> suitable for a stable update? I've attached a minimal debdiff.

Would be acceptable, but I wonder if the usage of $TEMP_DIR after cd
and rm should be quoted?


Kind regards,
Philipp Kern
-- 
 .''`.  Philipp Kern                        Debian Developer
: :' :  http://philkern.de                         Release Assistant
`. `'   xmpp:phil@0x539.de                         Stable Release Manager
  `-    finger pkern/key@db.debian.org

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: [SRM] devscripts update (#507482)
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- [SRM] devscripts update (#507482)
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: Post-2:3.2.5-3 fixes for samba packages
Next by Date: please unblock tuxtype 1.5.17.dfsg1-4
Previous by thread: [SRM] devscripts update (#507482)
Next by thread: Re: [SRM] devscripts update (#507482)
Index(es):
- Date
- Thread