Bug#806640: jessie-pu: package gummi/0.6.5-3+deb8u1
Control: tags -1 + moreinfo
On Sun, 2015-11-29 at 18:24 +0100, Daniel Stender wrote:
> I propose an update of Gummi in Jessie.
>
> The applied patch is a fix of security problem CVE 2015-7758 [1].
+- ec->basename = g_strdup_printf ("%s%c.%s", dir, G_DIR_SEPARATOR, base);
+- ec->workfile = g_strdup_printf ("%s.swp", ec->basename);
+- ec->pdffile = g_strdup_printf ("%s%c.%s.pdf", C_TMPDIR,
+- G_DIR_SEPARATOR, base);
++ ec->basename = g_strdup (ec->fdname);
++ ec->workfile = g_strdup (ec->fdname);
++ ec->pdffile = g_strdup_printf ("%s.pdf", ec->fdname);
Apologies if I'm missing something, particularly what "workfile" refers
to in this case, but does this run the risk of overwriting the original
file?
Regards,
Adam
Reply to: