Re: Stable update of hplip for CVE-2011-2722 (#635549) ?
On Thu, 2011-12-01 at 20:17 +0000, Adam D. Barratt wrote:
> On Fri, 2011-11-25 at 14:58 +0100, Didier Raboud wrote:
> > * Fix CVE-2011-2722 "Insecure tempfile handling" by patching the culprit
> > code out. (Closes: #635549)
> I'm assuming the debug code isn't likely to be used that often? The
> upstream bug (<URL:https://bugs.launchpad.net/hplip/+bug/809904>)
> implies that they were looking at replacing the code with a mkstemp()
> call, rather than removing it. If it's basically unused then patching
> it out should be okay though.
fwiw, the above wasn't a rhetorical question. I was anticipating that
the next action would have been a reply, not an upload...
Anyway, now the upload has occurred, it will get processed in due