[Secure-testing-team] Re: ekg: CAN-2005-1916 Bug#317027 and #318059
FIXED
Marcin Owsiany
porridge at debian.org
Fri Jul 15 21:08:39 UTC 2005
On Fri, Jul 15, 2005 at 07:37:27PM +0200, Martin Schulze wrote:
> I've adjusted the changelog entry and assigned two more CVE ids:
>
> * Fixes insecure temporary file creation [contrib/scripts/linki.py,
> CAN-2005-1916, Bug#318059]
Why not Closes:# ?
> Please mention them in the sid changelog when you're doing the next upload.
OK
> Please also forward them upstream.
Done.
> > @@ -80,7 +83,7 @@
> >
> > if text[0] == "@":
> > if uin != owner:
> > - ekg.command("msg %d Czy Ty, aby na pewno jeste? w?a?cicielem tego bota?;)" % uin)
> > + ekg.command("msg %d Czy Ty aby na pewno jeste? w?a?cicielem tego bota?;)" % uin)
> > return
> > tablica = ownerz
> > elif text[0] == "!": tablica = userz
>
> Such changes should not appear in security updates!
Right, but they were so minor that I felt they made no difference. But
thanks for pointing this out. I will remove such changes from security
changsets from now on.
regards,
Marcin
--
Marcin Owsiany <porridge at debian.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050716/941e2cbb/attachment.pgp
More information about the Secure-testing-team
mailing list