[Secure-testing-team] Re: ekg: CAN-2005-1916 Bug#317027 and #318059 FIXED

Marcin Owsiany porridge at debian.org
Fri Jul 15 21:08:39 UTC 2005


On Fri, Jul 15, 2005 at 07:37:27PM +0200, Martin Schulze wrote:
> I've adjusted the changelog entry and assigned two more CVE ids:
> 
>   * Fixes insecure temporary file creation [contrib/scripts/linki.py,
>     CAN-2005-1916, Bug#318059]

Why not Closes:# ?

> Please mention them in the sid changelog when you're doing the next upload.

OK

> Please also forward them upstream.

Done.

> > @@ -80,7 +83,7 @@
> >  
> >  	if text[0] == "@":
> >  		if uin != owner:
> > -			ekg.command("msg %d Czy Ty, aby na pewno jeste? w?a?cicielem tego bota?;)" % uin)
> > +			ekg.command("msg %d Czy Ty aby na pewno jeste? w?a?cicielem tego bota?;)" % uin)
> >  			return
> >  		tablica = ownerz
> >  	elif text[0] == "!": tablica = userz
> 
> Such changes should not appear in security updates!

Right, but they were so minor that I felt they made no difference. But
thanks for pointing this out. I will remove such changes from security
changsets from now on.

regards,

Marcin
-- 
Marcin Owsiany <porridge at debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050716/941e2cbb/attachment.pgp


More information about the Secure-testing-team mailing list