patch-2.5.4 mktemp fix

Robert Day zarin at
Sat Jan 17 15:17:09 PST 2004

On Thu, 2004-01-15 at 23:02 -0500, Robert Connolly wrote:
> On January 15, 2004 10:29 pm, Radosław Krahl wrote:
> > And in CVS too? :)
> patch-2.5.9 isn't officially on Some vendors have it, I don't know 
> where they got it from. The buffer overflow in patch-2.5.4 is well know, I 
> guess its not taken seriously because patch isn't critical in any way. The 
> question is, why hasn't GNU released patch-2.5.9. Also, the mktemp 
> vulnerability is not fixed in 2.5.9. It might be being use legitemately, but 
> I don't know of any disadvantage to using mkstemp instead.

I found patch 2.5.9 on an alpha mirror of the gnu site...


  Rob Day (BOFH)

More information about the hlfs-dev mailing list