Re: [SRM] devscripts update (#507482)
On Fri, 2009-01-09 at 10:18 +0100, Philipp Kern wrote:
> On Thu, Jan 08, 2009 at 11:20:43PM +0000, Adam D. Barratt wrote:
> > The devscripts package in etch has an insecure temporary directory issue
> > when signing files which are copied from a remote machine; see #507482.
> >
> > The security team don't consider this to warrant a DSA - would it be
> > suitable for a stable update? I've attached a minimal debdiff.
>
> Would be acceptable,
Thanks.
> but I wonder if the usage of $TEMP_DIR after cd and rm should be quoted?
Quoting shouldn't be required around the variable, as the output of
mktemp should be sane; I'm happy to add quoting if you'd prefer,
however. (To be honest, I don't think any of the quoting around the
mktemp call itself is actually required, I just tend to apply
belt-and-braces).
Regards,
Adam
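
The temporary-directory handling discussed in this thread, sketched as an added example; it is not code from the original messages or from the devscripts debdiff. The function names and the `sign.XXXXXXXX` template are hypothetical, and the base directory deliberately contains a space to show the case where quoting `$TEMP_DIR` after `cd` and `rm` matters.

```shell
#!/bin/sh
# Added example; with_private_tmp and demo_private_tmp are hypothetical names.

# Run a command inside a private scratch directory created under base ($1),
# then remove the directory and pass the command's exit status back.
# mktemp -d creates the directory itself, with an unpredictable name and
# owner-only permissions, so no other local user can pre-create or enter it.
with_private_tmp() {
    base=$1; shift
    TEMP_DIR=$(mktemp -d "$base/sign.XXXXXXXX") || return 1
    (
        # Quoted: the random suffix is safe, but the prefix comes from the
        # caller (or from TMPDIR) and may contain whitespace.
        cd "$TEMP_DIR" || exit 1
        "$@"
    )
    status=$?
    # "--" stops option parsing; the quotes keep the path a single word.
    rm -rf -- "$TEMP_DIR"
    return "$status"
}

# Constructed scenario: a base directory whose name contains a space.
# Prints the scratch directory's permission string and succeeds only if
# the command ran and nothing was left behind afterwards.
demo_private_tmp() {
    parent=$(mktemp -d) || return 1
    mkdir "$parent/tmp dir" || return 1
    with_private_tmp "$parent/tmp dir" sh -c 'ls -ld . | cut -c1-10'
    rc=$?
    leftover=$(ls -A "$parent/tmp dir")
    rm -rf -- "$parent"
    [ "$rc" -eq 0 ] && [ -z "$leftover" ]
}

demo_private_tmp
```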