Your message dated Mon, 25 May 2009 18:32:15 +0530
with message-id <[email protected]>
and subject line Fixed in version 0.05-1.1
has caused the Debian Bug report #310898,
regarding audiolink: Insecure tempfile usage!
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
310898: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310898
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: audiolink
Severity: normal
/usr/bin/audiolink uses static hardcoded paths to tmpfiles below /tmp.
That is insecure - someone else can manipulate what is fed into the
script.
Use randomly generated files instead. Consider using File::Temp or
similar.
Oh, and while I am at it, avoid mixing command and args in system() -
read `perldoc perlsec`. And consider using DBI also to create the DB.
- Jonas
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc3-mm3+debianlogo+squashfs
Locale: LANG=da_DK, LC_CTYPE=da_DK (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
--- End Message ---
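An added example, not audiolink's code and not part of the original report: the fixed-path pattern the report describes, next to a replacement using File::Temp and list-form system(). The file names, the `sort_lines` helper and the use of sort(1) as the external command are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration; hypothetical names throughout, not audiolink's code.
use strict;
use warnings;
use File::Temp qw(tempfile);

# Pattern the report warns about (left commented out). A fixed name under
# /tmp can be pre-created or symlinked by another local user, and a
# single-string system() hands the whole command line to /bin/sh.
#   open(my $fh, '>', '/tmp/example.tmp') or die "open: $!";
#   system("sort /tmp/example.tmp > /tmp/example.sorted");

# sort_lines(@lines): sort lines with sort(1) using private temp files.
sub sort_lines {
    my @lines = @_;

    # tempfile() chooses an unpredictable name and creates the file with
    # O_CREAT|O_EXCL and mode 0600, so an existing file or symlink planted
    # by someone else is never opened. UNLINK removes it at program exit.
    my ($in_fh, $in_path) =
        tempfile('example-in-XXXXXXXX', TMPDIR => 1, UNLINK => 1);
    my ($out_fh, $out_path) =
        tempfile('example-out-XXXXXXXX', TMPDIR => 1, UNLINK => 1);

    print {$in_fh} "$_\n" for @lines;
    close($in_fh)  or die "close $in_path: $!";
    close($out_fh) or die "close $out_path: $!";

    # List form: program and arguments are separate elements, so no shell
    # is involved and metacharacters in a path are passed literally.
    system('sort', '-o', $out_path, $in_path) == 0
        or die "sort failed, wait status $?";

    open(my $res, '<', $out_path) or die "open $out_path: $!";
    chomp(my @sorted = <$res>);
    close($res);
    return @sorted;
}

# Constructed sample input.
my @sorted = sort_lines('track 3', 'track 1', 'track 2');
print "$_\n" for @sorted;
```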
--- Begin Message ---
fixed 310898 0.05-1.1
thanks
This bug has been closed as a result of the NMU by Sebastian Delafond
<[email protected]> (that I approved). I had forgotten about the patch by
Gunnar here, so sorry to all for the (small) duplicated effort.
I'm trying to revive the upstream project now and I've put this fix upstream.
--
Amit Shah
http://www.amitshah.net/
--- End Message ---