Re: Kaffe marked remove (was Release-critical Bugreport for May 9, 2003)
On Fri, 2003-05-09 at 19:23, Adam Heath wrote:
> This is a bug that exists in *stable*, and does *not* exist in
> unstable(upstream requires the user to explicitly set a file to use, and
> doesn't pick one itself). It was only filed this week. The other RC bug has
> been fixed. Please mark kaffe as not being removed. It's stupid to remove it
> because of one bug that's less than a week old.
Agreed!
I'm in the process of closing the bug on 1.0.5 but there is some
question as to how the problem should be solved. I can follow the
behavior of the Kaffe 1.0.7 scripts or use mktemp/mkstemp like gcc. For
the sake of expediency I will probably use the 1.0.7 approach of making
the user specify the tempfile, or create a directory.
In any case, please chill out. The exploit is only valid when Kaffe is
in debug mode and doesn't really present a tangible threat to a normally
operating Debian box (with, like, Freenet or something running).
--
_____________________________________________________________________
Ean Schuessler ean@brainfood.com
Brainfood, Inc. http://www.brainfood.com
Reply to: