patch / CVE-2018-1000156

To: debian-lts@lists.debian.org
Subject: patch / CVE-2018-1000156
From: Brian May <bam@debian.org>
Date: Thu, 12 Apr 2018 16:57:49 +1000
Message-id: <[🔎] 87zi28ap3m.fsf@silverfish.pri>

Not sure I understand this comment from dla-needed.txt:

NOTE: 20180407: of a rabbit-hole with respect all the newer "safe_"
foo. I suspect if we can just avoid calling

NOTE: 20180407: make_tempfile (from src/util.c) and safe_unlink (from
src/safe.c) then we can avoid most of this. (lamby)

The patch - good version at
http://git.savannah.gnu.org/cgit/patch.git/commit/?id=123eaff0d5d1aebe128295959435b9ca5909c26d
doesn't touch the files noted above.

What is this "rabbit-hole" being referred to?
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: patch / CVE-2018-1000156
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Re: calibre / CVE-2018-7889
Next by Date: Re: patch / CVE-2018-1000156
Previous by thread: Re: tiff updates
Next by thread: Re: patch / CVE-2018-1000156
Index(es):
- Date
- Thread