Package: djvulibre-bin
Version: 3.5.25.4-4+b1
Tags: security
This is how djvudigital uses temporary files:
djvutext="/tmp/dj$$.ps"
trap "rm 2>/dev/null $djvutext" 0
cat > $djvutext <<\EOF
(ps2utf8.ps) runlibfile currentglobal /setglobal load true setglobal
.ps2utf8 begin /onpage { } bind def /onfont { pop pop pop } bind def
/onmark { pop pop pop pop currentx currenty currentpoint
.djvutextmark } bind def end exec
EOF
This is insecure because the filename is predictable and, more
importantly, the program doesn't fail atomically if the file already
exists.
Please use mktemp(1) for creating temporary files.
--
Jakub Wilk
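One way to apply the mktemp(1) request above, as an added example that is not part of the original report or of djvulibre. The function names, the `djvutext.XXXXXXXXXX` template and the scratch-directory self-check are assumptions made for illustration. The check shows that a file already present at the predictable name is overwritten, while mktemp returns a fresh name.

```shell
#!/bin/sh
# Added example (not djvulibre code): replacement for the /tmp/dj$$.ps pattern.

# Write the PostScript helper into a file that mktemp(1) creates exclusively
# (O_EXCL), so an existing file or symlink at that name is never reused.
# Prints the path of the new file on stdout.
make_djvutext() {
    # Assumption: a mktemp that accepts a full path template (GNU, BSD).
    f=$(mktemp "${TMPDIR:-/tmp}/djvutext.XXXXXXXXXX") || return 1
    cat > "$f" <<\EOF
(ps2utf8.ps) runlibfile currentglobal /setglobal load true setglobal
.ps2utf8 begin /onpage { } bind def /onfont { pop pop pop } bind def
/onmark { pop pop pop pop currentx currenty currentpoint
.djvutextmark } bind def end exec
EOF
    printf '%s\n' "$f"
}
# Caller side, mirroring the original trap:
#   djvutext=$(make_djvutext) || exit 1
#   trap 'rm -f "$djvutext"' 0

# The reported pattern, with the directory as a parameter so it can be
# exercised outside /tmp: a plain redirect to a PID-derived name.
make_djvutext_predictable() {
    f="$1/dj$$.ps"
    echo "helper" > "$f"
    printf '%s\n' "$f"
}

# Self-check in a private scratch directory (constructed scenario).
demo() {
    scratch=$(mktemp -d) || return 1
    echo "someone else's data" > "$scratch/dj$$.ps"
    make_djvutext_predictable "$scratch" >/dev/null
    clobbered=$(cat "$scratch/dj$$.ps")        # now "helper": overwritten
    safe=$(TMPDIR="$scratch" make_djvutext) || return 1
    status=1
    if [ "$clobbered" = "helper" ] && [ "$safe" != "$scratch/dj$$.ps" ]; then
        status=0
    fi
    rm -rf "$scratch"
    return $status
}
```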