subject:"Bug#1029913\: Fwd\: Bug#1029913\: texlive\-pictures\: \/usr\/share\/texlive\/texmf\-dist\/scripts\/epspdf\/epspdf.tlu\: \/tmp write vulnerability"

Bug#1029913: Fwd: Bug#1029913: texlive-pictures: /usr/share/texlive/texmf-dist/scripts/epspdf/epspdf.tlu: /tmp write vulnerability

2023-02-24 Thread Hilmar Preuße

On 2/15/23 18:51, Frank Heckenbach wrote: Hi Frank, Of course, chdir into /tmp is a bit risky as any file creation before the next chdir would be susceptible to the same problem, but I assume you made sure this won't happen. BTW, when looked at the changes made, I noticed this:

Bug#1029913: Fwd: Bug#1029913: texlive-pictures: /usr/share/texlive/texmf-dist/scripts/epspdf/epspdf.tlu: /tmp write vulnerability

2023-02-15 Thread Frank Heckenbach

Siep Kroonenberg wrote: > The problem was that the test was specifically for a file rather > than for any filesystem item. > > In the updated TL package, the test has been removed altogether > since there was already a later test for successful generation of a > temp subdirectory. > > The