Re: stalin: CVE-2015-8697: Insecure use of temporary files

To: debian-security@lists.debian.org
Subject: Re: stalin: CVE-2015-8697: Insecure use of temporary files
From: Rob Browning <rlb@defaultvalue.org>
Date: Thu, 14 Jan 2016 22:40:10 -0600
Message-id: <[🔎] 87bn8ne9qt.fsf@trouble.defaultvalue.org>

I believe the package is scheduled to be removed next week, and I'm
still waiting on a discussion with upstream about a (non-trivial) patch
I wrote to attempt to address the problem.

So I wanted to ask for an opinion about the claim here that it might be
reasonable to lower the severity:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808730#20

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Reply to:

Follow-Ups:
- Re: stalin: CVE-2015-8697: Insecure use of temporary files
  - From: Rob Browning <rlb@defaultvalue.org>

Prev by Date: Re: [SECURITY] [DSA 3431-2] ganeti regression update
Next by Date: RE: [SECURITY] [DSA 3431-2] ganeti regression update
Previous by thread: RE: [SECURITY] [DSA 3431-2] ganeti regression update
Next by thread: Re: stalin: CVE-2015-8697: Insecure use of temporary files
Index(es):
- Date
- Thread