scheme48 for LTS
Hi,
here is my debdiff for the minor issue with scheme48. Do you have any
objections?
Thorsten
diff -u scheme48-1.8+dfsg/debian/changelog scheme48-1.8+dfsg/debian/changelog
--- scheme48-1.8+dfsg/debian/changelog
+++ scheme48-1.8+dfsg/debian/changelog
@@ -1,3 +1,11 @@
+scheme48 (1.8+dfsg-1+deb6u1) squeeze-lts; urgency=medium
+
+ * patch for insecure use of tmpfile (Closes: #748766)
+ (reported by Steve Kemp, patch by Michael Sperber)
+ (CVE-2014-4150)
+
+ -- Thorsten Alteholz <debian@alteholz.de> Sun, 14 Jun 2014 16:00:00 +0200
+
scheme48 (1.8+dfsg-1) unstable; urgency=low
* Repack upstream tarball to remove non-dfsg-free emacs/cmulisp.el
diff -u scheme48-1.8+dfsg/debian/patches/series scheme48-1.8+dfsg/debian/patches/series
--- scheme48-1.8+dfsg/debian/patches/series
+++ scheme48-1.8+dfsg/debian/patches/series
@@ -9,0 +10 @@
+security-tmpfile.patch
only in patch2:
unchanged:
--- scheme48-1.8+dfsg.orig/debian/patches/security-tmpfile.patch
+++ scheme48-1.8+dfsg/debian/patches/security-tmpfile.patch
@@ -0,0 +1,15 @@
+Author: Mike Sperber <sperber@deinprogramm.de>
+Description: In cmuscheme48.el, use `make-temp-file' instead of constant file name.
+Index: scheme48-1.9/emacs/cmuscheme48.el
+===================================================================
+--- scheme48-1.9.orig/emacs/cmuscheme48.el 2012-12-27 17:43:30.000000000 +0100
++++ scheme48-1.9/emacs/cmuscheme48.el 2014-05-27 19:48:09.000000000 +0200
+@@ -58,7 +58,7 @@
+ (let ((end (point)))
+ (beginning-of-defun)
+ (if losep
+- (let ((loser "/tmp/s48lose.tmp"))
++ (let ((loser (make-temp-file "s48lose")))
+ (write-region (point) end loser)
+ (scheme48-load-file loser))
+ (scheme48-send-region (point) end)))))
Reply to: