patch-2.5.4 mktemp fix

Robert Connolly cendres at videotron.ca
Thu Jan 15 20:02:21 PST 2004


On January 15, 2004 10:29 pm, Radosław Krahl wrote:
> And in CVS too? :)
patch-2.5.9 isn't officially on gnu.org. Some vendors have it, I don't know
where they got it from. The buffer overflow in patch-2.5.4 is well known, I
guess it's not taken seriously because patch isn't critical in any way. The
question is, why hasn't GNU released patch-2.5.9? Also, the mktemp
vulnerability is not fixed in 2.5.9. It might be being used legitimately, but
I don't know of any disadvantage to using mkstemp instead.
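
The mktemp versus mkstemp difference discussed in this message, as an added example that is not part of the original post and is not code from GNU patch. The function names, the `/tmp/mkstemp-demo` directory and the `patch-predicted` file name are hypothetical, and the "other process" is simulated inside the same program.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkstemp() chooses the name and creates the file in one step (O_EXCL,
 * mode 0600). Returns the new file's permission bits, or -1 on error. */
int mkstemp_mode(const char *dir)
{
    char path[4096];
    struct stat st;
    snprintf(path, sizeof path, "%s/patchXXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int mode = fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
    close(fd);
    unlink(path);
    return mode;
}

/* The mktemp() pattern is "pick a name now, open it later". Constructed
 * scenario: another process creates the name inside that gap. Returns 1 if
 * a plain open() reused the foreign file and only O_EXCL refused (EEXIST). */
int name_then_open(const char *dir)
{
    char name[4096];
    snprintf(name, sizeof name, "%s/patch-predicted", dir);
    int other = open(name, O_CREAT | O_WRONLY, 0666);  /* the other process */
    if (other < 0) return -1;
    close(other);
    int plain = open(name, O_CREAT | O_WRONLY, 0600);  /* no existence check */
    int excl = open(name, O_CREAT | O_EXCL | O_WRONLY, 0600);
    int refused = (excl < 0 && errno == EEXIST);
    if (plain >= 0) close(plain);
    if (excl >= 0) close(excl);
    unlink(name);
    return plain >= 0 && refused;
}

int main(void)
{
    char dir[] = "/tmp/mkstemp-demoXXXXXX";
    if (!mkdtemp(dir)) return 1;
    printf("mkstemp mode %o, only O_EXCL refused: %d\n", (unsigned)mkstemp_mode(dir), name_then_open(dir));
    rmdir(dir);
    return 0;
}
```

A program that has to keep a name-first design can still close the gap by opening with `O_CREAT | O_EXCL` and treating `EEXIST` as a failure, which is what `mkstemp` does internally.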



