[Pkg-hpijs-devel] Bug#635549: Stable update of hplip for CVE-2011-2722 (#635549) ?

Adam D. Barratt adam at adam-barratt.org.uk
Sun Jan 15 20:35:12 UTC 2012


On Sun, 2011-12-11 at 18:02 +0000, Adam D. Barratt wrote:
> On Sun, 2011-12-04 at 17:26 +0000, Adam D. Barratt wrote:
> > On Thu, 2011-12-01 at 20:17 +0000, Adam D. Barratt wrote:
> > > On Fri, 2011-11-25 at 14:58 +0100, Didier Raboud wrote:
> > > >       * Fix CVE-2011-2722 "Insecure tempfile handling" by patching the culprit
> > > >         code out. (Closes: #635549)
> > > 
> > > I'm assuming the debug code isn't likely to be used that often?  The
> > > upstream bug (<URL:https://bugs.launchpad.net/hplip/+bug/809904>)
> > > implies that they were looking at replacing the code with a mkstemp()
> > > call, rather than removing it.  If it's basically unused then patching
> > > it out should be okay though.
> > 
> > fwiw, the above wasn't a rhetorical question.  I was anticipating that
> > the next action would have been a reply, not an upload...
> 
> Having said that, a reply wouldn't be unwelcome...

Reply came there none.

Given that the affected code hasn't re-appeared in unstable, I've
flagged the upload for acceptance, but for the record I'm somewhat
unimpressed by the lack of response to any of my queries.

Regards,

Adam





