Re: Bug#291542: rcs: [source] warning: the use of `mktemp' is dangerous, better use `mkstemp'
| reopen 291542
| severity 291542 grave
| tags 291542 security sarge
| thanks
|
| On Fri, Jan 21, 2005 at 05:58:10PM +0000, Mark Baker wrote:
| > Jari Aalto wrote:
| >
| > >Severity: minor
| > >
| > >
| > Minor? It's a potential security hole, albeit not a serious one.
|
| Hm, then why didn't you upgrade this to grave, and tag it security? This
| bug needs to be tracked, otherwise chances are that it'd slip in Sarge
| as your package is frozen.
|
| Note: I didn't check out the actual claims to a vulnerability, just
| following the assessment of the maintainer.
I didn't know that mkstemp compiling errors should be reported with
high priority.
Btw, it would be nice if the policy manual would point people to a
document that would list examples; what kind of errors could/should be
reported as "security violations". There could be a section like
"compiling" and "mkstemp" mentioned.
Jari