Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
gregoa at debian.org
Sun May 6 21:31:42 UTC 2012
On Sun, 06 May 2012 22:13:05 +0100, Adam D. Barratt wrote:
> > (No error handling when doing I/O? Bad. But oh well, using tempfile
> > makes it look better anyway.)
> Specifically, a loss of error handling. The original version at least
> let the caller gracefully handle the failure, whereas the new version is
> technically an API change in that the function is defined as returning
> undef in the case of failure and no longer does if creating the
> temporary file fails; I'm not sure how well the (several) r-deps in the
> archive will handle that.
Hm, good catch.
(tempfile() indeed just croak()s on errors according to the
Maybe it's better to give this a second look ...
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/
`. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
`- NP: Paco de Lucia: Manteca Colora [Rumba]
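
The API concern raised in this thread, as an added example that is not code from the original message or from the patched module: `File::Temp::tempfile()` croaks on failure, so a function documented as returning undef on failure has to trap that to keep its contract. The function name `write_file_safely` and the file names are hypothetical.

```perl
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Temp qw(tempfile);

# Hypothetical writer whose documented contract is "return undef on failure".
sub write_file_safely {
    my ($target, $content) = @_;

    # tempfile() croaks on error; eval turns that back into a return value.
    # The file is created exclusively with an unpredictable name, in the same
    # directory as the target so the final rename stays on one filesystem.
    my ($fh, $tmp) = eval {
        tempfile('.tmpXXXXXXXX', DIR => dirname($target), UNLINK => 0);
    };
    return undef unless defined $fh;

    # Check every I/O step and remove the temporary file if any of them fails.
    unless (print({$fh} $content) and close($fh) and rename($tmp, $target)) {
        unlink $tmp;
        return undef;
    }
    return 1;
}

# Constructed demo: one writable directory, one parent that does not exist.
my $dir = File::Temp->newdir;
my $ok  = write_file_safely("$dir/app.ini", "[section]\nkey=value\n");
my $bad = write_file_safely("$dir/missing/app.ini", "[section]\n");

printf "existing directory: %s\n", defined $ok  ? 'written' : 'undef';
printf "missing directory:  %s\n", defined $bad ? 'written' : 'undef';
```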