[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Stable update of hplip for CVE-2011-2722 (#635549) ?

On Sun, 2011-12-11 at 18:02 +0000, Adam D. Barratt wrote:
> On Sun, 2011-12-04 at 17:26 +0000, Adam D. Barratt wrote:
> > On Thu, 2011-12-01 at 20:17 +0000, Adam D. Barratt wrote:
> > > On Fri, 2011-11-25 at 14:58 +0100, Didier Raboud wrote:
> > > >       * Fix CVE-2011-2722 "Insecure tempfile handling" by patching the culprit
> > > >         code out. (Closes: #635549)
> > > 
> > > I'm assuming the debug code isn't likely to be used that often?  The
> > > upstream bug (<URL:https://bugs.launchpad.net/hplip/+bug/809904>)
> > > implies that they were looking at replacing the code with a mkstemp()
> > > call, rather than removing it.  If it's basically unused then patching
> > > it out should be okay though.
> > 
> > fwiw, the above wasn't a rhetorical question.  I was anticipating that
> > the next action would have been a reply, not an upload...
> 
> Having said that, a reply wouldn't be unwelcome...

Reply came there none.

Given that the affected code hasn't re-appeared in unstable, I've
flagged the upload for acceptance, but for the record I'm somewhat
unimpressed by the lack of response to any of my queries.

Regards,

Adam
Reply to: