[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SRM] devscripts update (#507482)

On Fri, 2009-01-09 at 10:18 +0100, Philipp Kern wrote:
> On Thu, Jan 08, 2009 at 11:20:43PM +0000, Adam D. Barratt wrote:
> > The devscripts package in etch has an insecure temporary directory issue
> > when signing files which are copied from a remote machine; see #507482. 
> > 
> > The security team don't consider this to warrant a DSA - would it be
> > suitable for a stable update? I've attached a minimal debdiff.
> Would be acceptable,


> but I wonder if the usage of $TEMP_DIR after cd and rm should be quoted?

Quoting shouldn't be required around the variable, as the output of
mktemp should be sane; I'm happy to add quoting if you'd prefer,
however. (To be honest, I don't think any of the quoting around the
mktemp call itself is actually required, I just tend to apply



Reply to: