Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

gregor herrmann gregoa at debian.org
Mon May 14 15:05:12 UTC 2012


On Sun, 06 May 2012 22:13:05 +0100, Adam D. Barratt wrote:

> Specifically, a loss of error handling.  The original version at least
> let the caller gracefully handle the failure, whereas the new version is
> technically an API change in that the function is defined as returning
> undef in the case of failure and no longer does if creating the
> temporary file fails; I'm not sure how well the (several) r-deps in the
> archive will handle that.

Upstream has fixed this regression in the error handling in 2.73 [0],
and I've now backported this change to the backport of the original
fix.

Attached is the new debdiff; I'm looking forward to another review.

Cheers,
gregor

[0]
https://bitbucket.org/shlomif/perl-config-inifiles/changeset/511f34b73b85
https://rt.cpan.org/Public/Bug/Display.html?id=77039
-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Bob Dylan: Blowin' In The Wind
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 671255-squeeze.diff
Type: text/x-diff
Size: 2061 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20120514/d97ead62/attachment.diff>
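The two concerns in this thread (a predictable temporary file name, and keeping the "return undef on failure" contract once the temp file is created safely) can be shown together. This is an added illustration, not code from this message, the attached debdiff, or the package; the helper name `write_file_safely` and the sample paths are hypothetical.

```perl
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Temp ();

# Hypothetical helper (not the package's code): write $content to $file via a
# temporary file, returning 1 on success and undef on any failure.
sub write_file_safely {
    my ($file, $content) = @_;

    # A predictable name such as "$file-new" opened with a plain open() would
    # follow a symlink planted by another local user (CWE-377). File::Temp
    # picks a random name and opens it with O_CREAT|O_EXCL and mode 0600.
    my $tmp = eval {
        File::Temp->new(
            DIR      => dirname($file),   # same filesystem, so rename() is atomic
            TEMPLATE => '.tmpXXXXXXXX',
            UNLINK   => 0,                # we rename or unlink it ourselves
        );
    };
    # File::Temp croaks on failure; trap that so callers written against the
    # old "undef on failure" behaviour do not get an unexpected exception.
    return undef unless defined $tmp;

    my $ok = print {$tmp} $content;
    $ok = close($tmp) && $ok;
    $ok = rename($tmp->filename, $file) if $ok;
    unlink $tmp->filename unless $ok;     # do not leave a stray temp file behind
    return $ok ? 1 : undef;
}

# Constructed demonstration: one writable target, one in a missing directory.
my $dir  = File::Temp->newdir;
my $good = write_file_safely("$dir/app.ini", "[section]\nkey=value\n");
my $bad  = write_file_safely("$dir/missing/app.ini", "x\n");
print "writable dir: ", (defined $good ? "ok" : "undef"), "\n";
print "missing dir:  ", (defined $bad  ? "ok" : "undef"), "\n";
```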

