patch-2.5.4 mktemp fix

Robert Day zarin at dscn.net
Sat Jan 17 15:17:09 PST 2004


On Thu, 2004-01-15 at 23:02 -0500, Robert Connolly wrote:
> On January 15, 2004 10:29 pm, Radosław Krahl wrote:
> > And in CVS too? :)
> patch-2.5.9 isn't officially on gnu.org. Some vendors have it, I don't know 
> where they got it from. The buffer overflow in patch-2.5.4 is well known, I 
> guess it's not taken seriously because patch isn't critical in any way. The 
> question is, why hasn't GNU released patch-2.5.9. Also, the mktemp 
> vulnerability is not fixed in 2.5.9. It might be being used legitimately, but 
> I don't know of any disadvantage to using mkstemp instead.
> 

I found patch 2.5.9 on an alpha mirror of the gnu site...

http://www.funet.fi/pub/gnu/alpha/gnu/patch/

Enjoy.

  Rob Day (BOFH)
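
The mktemp versus mkstemp point raised in the quoted message, as an added example that is not part of this thread and not code from GNU patch: opening a previously chosen name without O_EXCL accepts a file that already exists there, while an exclusive open refuses it and mkstemp(3) picks the name and creates the file in one step. The function names, the scratch directory and the file names are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mktemp(3)-style use: the name was chosen earlier, the open happens later.
 * Without O_EXCL, whatever already sits at that name is opened and reused. */
static int open_name_then_create(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Same caller-chosen name, but creation fails if anything already exists. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Tries both opens on a name that is already taken, then mkstemp(3).
 * Returns 0 on success and fills in the three observations. */
int compare_tempfile_opens(int *reused, int *excl_errno, int *safe_mode) {
    char dir[] = "/tmp/tmpdemo.XXXXXX";      /* constructed scratch directory */
    char path[64], tmpl[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/patch.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/patch.XXXXXX", dir);
    int fd = open(path, O_WRONLY | O_CREAT, 0644);  /* name taken beforehand */
    if (fd < 0) return -1;
    close(fd);
    fd = open_name_then_create(path);
    *reused = (fd >= 0);                     /* existing file silently reused */
    if (fd >= 0) close(fd);
    fd = open_exclusive(path);
    *excl_errno = (fd < 0) ? errno : 0;      /* EEXIST: creation refused */
    if (fd >= 0) close(fd);
    fd = mkstemp(tmpl);                      /* name chosen and created atomically */
    if (fd < 0 || fstat(fd, &st) != 0) return -1;
    *safe_mode = (int)(st.st_mode & 0777);   /* owner-only permissions */
    close(fd);
    unlink(tmpl); unlink(path); rmdir(dir);
    return 0;
}

int main(void) {
    int reused, excl, mode;
    if (compare_tempfile_opens(&reused, &excl, &mode) != 0) return 1;
    printf("reused=%d excl_errno=%d mkstemp_mode=%o\n", reused, excl, mode);
    return 0;
}
```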




More information about the hlfs-dev mailing list