This patch is in version 20140328 at CPAN.
On Mon, Mar 10, 2014 at 2:48 PM, Debian Bug Tracking System
ow...@bugs.debian.org wrote:
Thank you for the additional information you have supplied regarding
this Bug report.
This is an automatically generated reply to let you know your message
Control: tag -1 fixed-upstream
On Fri, 28 Mar 2014, Steven Hancock wrote:
This patch is in version 20140328 at CPAN.
Awesome. Thanks Steven! I'll get this packaged for Debian shortly.
--
Don Armstrong http://www.donarmstrong.com
One disk to rule them all, One disk to
On Fri, 07 Mar 2014, Don Armstrong wrote:
On Tue, 04 Mar 2014, Murray McAllister wrote:
Jakub Wilk and Don Armstrong are discussing in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740670 1) perltidy
creating a temporary file with default permissions instead of 0600
2) the use of
Don, Thanks, I will put it in the next release. Steve
On Monday, March 10, 2014, Don Armstrong d...@debian.org wrote:
On Fri, 07 Mar 2014, Don Armstrong wrote:
On Tue, 04 Mar 2014, Murray McAllister wrote:
Jakub Wilk and Don Armstrong are discussing in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Use CVE-2014-2277 for the issue in which, on all platforms, the
filename string returned by make_temporary_filename might be used for
an attacker's symlink before that filename is used by the perltidy
code to write lines into a file.
$^O =~
On Tue, 04 Mar 2014, Murray McAllister wrote:
Jakub Wilk and Don Armstrong are discussing in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740670 1) perltidy
creating a temporary file with default permissions instead of 0600
2) the use of tmpnam().
The following trivial patch fixes this
Hi Don
(dropping oss-security, as Debian specific discussion should not go to
the list there, keeping Murray):
On Fri, Mar 07, 2014 at 06:39:40PM -0800, Don Armstrong wrote:
On Tue, 04 Mar 2014, Murray McAllister wrote:
Jakub Wilk and Don Armstrong are discussing in
Good morning,
Jakub Wilk and Don Armstrong are discussing in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740670 1) perltidy
creating a temporary file with default permissions instead of 0600 2)
the use of tmpnam().
From that bug:
my $name = perltidy.TMP;
if ( $^O =~
8 matches
Mail list logo