[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kaffe marked remove (was Release-critical Bugreport for May 9, 2003)

On Fri, 2003-05-09 at 19:23, Adam Heath wrote: 
> This is a bug that exists in *stable*, and does *not* exist in
> unstable(upstream requires the user to explicitly set a file to use, and
> doesn't pick one itself).  It was only filed this week.  The other RC bug has
> been fixed.  Please mark kaffe as not being removed.  It's stupid to remove it
> because of one bug that's less than a week old.

Agreed!

I'm in the process of closing the bug on 1.0.5 but there is some
question as to how the problem should be solved. I can follow the
behavior of the Kaffe 1.0.7 scripts or use mktemp/mkstemp like gcc. For
the sake of expediency I will probably use the 1.0.7 approach of making
the user specify the tempfile, or create a directory.

In any case, please chill out. The exploit is only valid when Kaffe is
in debug mode and doesn't really present a tangible threat to a normally
operating Debian box (with, like, Freenet or something running).

-- 
_____________________________________________________________________
Ean Schuessler                                      ean@brainfood.com
Brainfood, Inc.                              http://www.brainfood.com
Reply to: