Hi. I just released mathopd 1.5p5 and 1.6b6.

The new version fixes a problem in internal_dump() that could be exploited to append to arbitrary files writable by the server's UID. Thanks to Carsten Eiram for pointing this out.

Internal dumps will now create files in /tmp with unpredictable filenames. As a side effect, each dump will be in a separate file.

I also fixed a compile-time warning on 64-bit platforms while I was there.


Reply via email to