Thanks for getting these prepared! Two observations:
- the packaging uses "dpatch", so the patch needs to be re-worked to create a patch in debian/patches and update the 00list file.
- the fix isn't a full fix. I would have expected either the use of "mkstemp" or at least "umask" for the file creation, instead of only "mktmpnam", which isn't fully safe. (Perhaps there is something I don't know about that made Debian choose this less security solution.) It _is_ much safer than the prior code, though. :)
Thanks for getting these prepared! Two observations:
- the packaging uses "dpatch", so the patch needs to be re-worked to create a patch in debian/patches and update the 00list file.
- the fix isn't a full fix. I would have expected either the use of "mkstemp" or at least "umask" for the file creation, instead of only "mktmpnam", which isn't fully safe. (Perhaps there is something I don't know about that made Debian choose this less security solution.) It _is_ much safer than the prior code, though. :)
Thanks!