Bug#756565:

2016-10-28 Thread salsaman
This bug can be closed with the release of LiVES 2.8.1

Bug#756565: lives: Numerous insecure temporary files used in smogrify

2016-09-25 Thread salsaman
All issues noted above have been fixed. In addition: - the terminology has been changed throughout to try to be less confusing. The directory is now referred to as the "LiVES working directory" everywhere. For example prefs->tmpdir is now prefs->workdir in the C code, and $tmpdir is now $workdir

Bug#756565: lives: Numerous insecure temporary files used in smogrify

2016-09-23 Thread salsaman
On Thu, Sep 22, 2016 at 7:56 PM, James Cowgill wrote: > > Thinking about this some more, there is a slight race condition here if > the user deletes the file after the checks, but before it's written. I > think the best fix would break the smogrify API unfortunately. One >

Bug#756565: lives: Numerous insecure temporary files used in smogrify

2016-09-22 Thread James Cowgill
Hi, On 20/09/16 18:09, salsaman wrote: > As I mentioned already, the location of this directory is selected by > the user the first time that LiVES is run. > There is nothing forcing it to be ~/livestmp. That's fine, although I don't think it should be the default. > The directory being world

Bug#756565: lives: Numerous insecure temporary files used in smogrify

2016-09-20 Thread salsaman
On Tue, Sep 20, 2016 at 1:03 PM, James Cowgill wrote: > Hi, > > [please don't change the subject to 'bug update' - it makes it harder to > follow threads and is totally pointless] > > I wasn't aware I was changing the subject - it seems like one can only add comments to this

Bug#756565: lives: Numerous insecure temporary files used in smogrify

2016-09-20 Thread James Cowgill
Hi, [please don't change the subject to 'bug update' - it makes it harder to follow threads and is totally pointless] On 20/09/16 15:51, salsaman wrote: > I would prefer to keep $tmpdir as it is, I don't see any reason to change > it to $XDG_CACHE_HOME as this variable is only used internally to

Bug#756565: bug update

2016-09-20 Thread salsaman
I would prefer to keep $tmpdir as it is, I don't see any reason to change it to $XDG_CACHE_HOME as this variable is only used internally to smogrify. Also using /lives would be confusing as there is already a .lives file and lives-dir which are both created in $HOME. Also the user can select the

Bug#756565: lives: Numerous insecure temporary files used in smogrify

2016-09-20 Thread James Cowgill
Hi, On 20/09/16 02:56, salsaman wrote: > first of all, I am the main developer of LiVES. Please cc the address > salsaman+li...@gmail.com to all > future bugs related to LiVES. You should go to https://tracker.debian.org/pkg/lives and press the Subscribe

Bug#756565: Bug update

2016-09-19 Thread salsaman
Hi, first of all, I am the main developer of LiVES. Please cc the address salsaman+li...@gmail.com to all future bugs related to LiVES. Secondly, there is incorrect information in this bug report. >> You'll see that $curtmpdir is set to /tmp/smogrify, via code such as: $handle=$ARGV[1];

Bug#756565: CVE

2014-09-09 Thread Henri Salo
Have you requested CVE already? If you want I can verify this issue and create the request. --- Henri Salo

Bug#756565: CVE

2014-09-09 Thread Steve Kemp
On Tue Sep 09, 2014 at 12:52:38 +0300, Henri Salo wrote: Have you requested CVE already? If you want I can verify this issue and create the request. I have not, the lack of update to the bug report made it slip my mind. If you'd like to confirm the issues, which shouldn't be hard, and

Bug#756565: lives: Numerous insecure temporary files used in smogrify

2014-07-30 Thread Steve Kemp
Package: lives Version: 1.6.2 Severity: important Tags: security lives contains a perl script, smogrify, which is what does a lot of the work. I don't want to point out line-by-line all the issues in the smogrify script, but please consider significantly overhauling it. There are numerous