
Re: [SRM] devscripts update (#507482)



On Fri, 2009-01-09 at 10:18 +0100, Philipp Kern wrote:
> On Thu, Jan 08, 2009 at 11:20:43PM +0000, Adam D. Barratt wrote:
> > The devscripts package in etch has an insecure temporary directory issue
> > when signing files which are copied from a remote machine; see #507482. 
> > 
> > The security team don't consider this to warrant a DSA - would it be
> > suitable for a stable update? I've attached a minimal debdiff.
> 
> Would be acceptable,

Thanks.

> but I wonder if the usage of $TEMP_DIR after cd and rm should be quoted?

Quoting shouldn't be required around the variable, as the output of
mktemp should be sane; I'm happy to add quoting if you'd prefer,
however. (To be honest, I don't think any of the quoting around the
mktemp call itself is actually required, I just tend to apply
belt-and-braces).

Regards,

Adam
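
The quoting question from this exchange, as an added example that is not part of the original mail or of devscripts. It assumes the mktemp template is rooted at $TMPDIR (the page does not show the actual call), so the resulting path can contain whitespace; the function names, the debsign.XXXXXX template and the sandbox layout are made up for the illustration.

```sh
#!/bin/sh
# Added example; names and the "debsign" template are illustrative only.

# Private scratch directory: mktemp -d creates it atomically with mode 0700
# and an unpredictable name. Here the template is rooted at $TMPDIR.
make_private_dir() {
    mktemp -d "${TMPDIR:-/tmp}/debsign.XXXXXX"
}

# Cleanup without quoting: the path is word-split before rm sees it.
cleanup_unquoted() {
    rm -rf $1          # deliberately unquoted
}

# Cleanup with quoting; "--" also guards against a leading "-".
cleanup_quoted() {
    rm -rf -- "$1"
}

# Run both cleanups with TMPDIR set to a directory whose name contains a
# space (constructed inside a throwaway sandbox).
# Prints "<unquoted result> <quoted result>".
quoting_demo() {
    (
        sandbox=$(mktemp -d "${TMPDIR:-/tmp}/sandbox.XXXXXX") || exit 1
        cd "$sandbox" || exit 1       # keep any split fragments inside it
        mkdir "$sandbox/my tmp"
        TMPDIR="$sandbox/my tmp"

        d1=$(make_private_dir) || exit 1
        cleanup_unquoted "$d1"
        if [ -d "$d1" ]; then r1=left-behind; else r1=removed; fi

        d2=$(make_private_dir) || exit 1
        cleanup_quoted "$d2"
        if [ -d "$d2" ]; then r2=left-behind; else r2=removed; fi

        cd / && rm -rf -- "$sandbox"
        echo "$r1 $r2"
    )
}
```

Calling quoting_demo prints "left-behind removed": the unquoted rm exits successfully but operates on the two split fragments, so the signing directory and anything copied into it stay on disk.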

