Bug#806640: jessie-pu: package gummi/0.6.5-3+deb8u1

To: Daniel Stender <debian@danielstender.com>, 806640@bugs.debian.org
Subject: Bug#806640: jessie-pu: package gummi/0.6.5-3+deb8u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 01 Jan 2016 17:50:30 +0000
Message-id: <[🔎] 1451670630.2006.24.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 806640@bugs.debian.org
In-reply-to: <144881785548.11385.6319609585628249688.reportbug@localhost>
References: <144881785548.11385.6319609585628249688.reportbug@localhost>

Control: tags -1 + moreinfo

On Sun, 2015-11-29 at 18:24 +0100, Daniel Stender wrote:
> I propose an update of Gummi in Jessie.
> 
> The applied patch is a fix of security problem CVE 2015-7758 [1].

+-        ec->basename = g_strdup_printf ("%s%c.%s", dir, G_DIR_SEPARATOR, base);
+-        ec->workfile = g_strdup_printf ("%s.swp", ec->basename);
+-        ec->pdffile =  g_strdup_printf ("%s%c.%s.pdf", C_TMPDIR,
+-                                       G_DIR_SEPARATOR, base);
++        ec->basename = g_strdup (ec->fdname);
++        ec->workfile = g_strdup (ec->fdname);
++        ec->pdffile =  g_strdup_printf ("%s.pdf", ec->fdname);

Apologies if I'm missing something, particularly what "workfile" refers
to in this case, but does this run the risk of overwriting the original
file?

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#806640: jessie-pu: package gummi/0.6.5-3+deb8u1
  - From: Daniel Stender <debian@danielstender.com>

Prev by Date: Bug#781726: marked as done (how to solve the live-tools upgrade issue? #781725)
Next by Date: Processed: Re: Bug#806640: jessie-pu: package gummi/0.6.5-3+deb8u1
Previous by thread: Bug#781726: marked as done (how to solve the live-tools upgrade issue? #781725)
Next by thread: Processed: Re: Bug#806640: jessie-pu: package gummi/0.6.5-3+deb8u1
Index(es):
- Date
- Thread