[debian-devel:15538] Re: Test package of xdvik-ja 22.40t-j1.12 is available
- From: Atsuhito Kohda <kohda@xxxxxxxxxxxxxxxxxxxx>
- Subject: [debian-devel:15538] Re: Test package of xdvik-ja 22.40t-j1.12 is available
- Date: Fri, 31 Jan 2003 17:11:42 +0900
From: TSUCHIYA Masatoshi <tsuchiya@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: [debian-devel:15536] Re: Test package of xdvik-ja 22.40t-j1.12 is available
Date: Fri, 31 Jan 2003 16:01:55 +0900
> >Please take a look at Bug#174987 for now.
>
> Understood.
>
> However, according to this bug report, doesn't it turn out that there was
> no security hole after all?
>
> BTS>> The new xdvi wrapper in /usr/bin has the following problems:
> BTS>>
> BTS>> - The temporary file that compressed files are decompressed into is
> BTS>> created in the current working directory. This creates a race
> BTS>> condition and exploitable security hole.
> BTS>
> BTS> Please see the documentation of File::Temp; this *is* safe. (And it's
> BTS> probably better to use a well-tested, documented secure interface like
> BTS> this than to rewrite our own.)
>
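> I ask because that is the exchange that took place there.
Well, I don't understand Perl, so I may be wrong,
but did you also read what follows it?
Later on, I was told that this is grave after all, so please
upload a fixed version as soon as possible.
> My change amounts to reverting this part from open back to File::Temp,
> so the other bug fixes should be fine.
That may well be the case, but just to be sure, please read the
bug report above through to the end (^^;
Friday, January 31, 2003 (Heisei 15)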
--
***************************
香田 温人 (Kohda Atsuhito)
http://www1.pm.tokushima-u.ac.jp/%7Ekohda/
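
The following is an added example, not part of this message and not code from the xdvi wrapper or the bug report. It shows, in a directory another user can write to, how a plain `open` on a predictable name behaves compared with exclusive creation as File::Temp performs it; the scratch directory and the file names `important.txt` and `paper.dvi` are constructed for the illustration.

```perl
#!/usr/bin/perl
# Added illustration; all file names are constructed.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# A scratch directory stands in for a working directory that another
# local user can also write to.
my $cwd    = tempdir(CLEANUP => 1);
my $target = "$cwd/important.txt";   # a file the person running the viewer owns
my $guess  = "$cwd/paper.dvi";       # predictable name for the decompressed file

sub write_file {
    my ($path, $text) = @_;
    open(my $fh, '>', $path) or die "open $path: $!";
    print {$fh} $text;
    close($fh) or die "close $path: $!";
}

sub read_file {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "open $path: $!";
    local $/;                        # slurp the whole file
    return scalar <$fh>;
}

write_file($target, "keep me\n");
symlink($target, $guess) or die "symlink: $!";   # planted before the wrapper runs

# 1. Exclusive creation refuses a name that already exists, symlinks included.
if (sysopen(my $fh, $guess, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
    die "unexpected: O_EXCL followed the planted symlink";
}
print "O_EXCL create refused: $!\n";

# 2. File::Temp picks a random name and creates it exclusively, mode 0600.
my $tmp = File::Temp->new(DIR => $cwd, SUFFIX => '.dvi');
print {$tmp} "decompressed data\n";
printf "File::Temp created %s; target still reads: %s",
    $tmp->filename, read_file($target);

# 3. A plain open on the predictable name follows the symlink.
write_file($guess, "decompressed data\n");
printf "after plain open, target now reads: %s", read_file($target);
```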