
Re: Bug#291542: rcs: [source] warning: the use of `mktemp' is dangerous, better use `mkstemp'



| reopen 291542
| severity 291542 grave
| tags 291542 security sarge
| thanks
| 
| On Fri, Jan 21, 2005 at 05:58:10PM +0000, Mark Baker wrote:
| > Jari Aalto wrote:
| > 
| > >Severity: minor
| > > 
| > >
| > Minor? It's a potential security hole, albeit not a serious one.
| 
| Hm, then why didn't you upgrade this to grave, and tag it security? This
| bug needs to be tracked, otherwise chances are that it'd slip in Sarge
| as your package is frozen.
|  
| Note: I didn't check out the actual claims to a vulnerability, just
| following the assessment of the maintainer.

I didn't know that mkstemp compiling errors should be reported with
high priority.

Btw, it would be nice if the policy manual would point people to a
document that would list examples; what kind of errors could/should be
reported as "security violations". There could be a section like
"compiling" and "mkstemp" mentioned.

Jari


