patch-2.5.4 mktemp fix
zarin at dscn.net
Sat Jan 17 15:17:09 PST 2004
On Thu, 2004-01-15 at 23:02 -0500, Robert Connolly wrote:
> On January 15, 2004 10:29 pm, Radosław Krahl wrote:
> > And in CVS too? :)
> patch-2.5.9 isn't officially on gnu.org. Some vendors have it, I don't know
> where they got it from. The buffer overflow in patch-2.5.4 is well known, I
> guess it's not taken seriously because patch isn't critical in any way. The
> question is, why hasn't GNU released patch-2.5.9. Also, the mktemp
> vulnerability is not fixed in 2.5.9. It might be being used legitimately, but
> I don't know of any disadvantage to using mkstemp instead.
I found patch 2.5.9 on an alpha mirror of the gnu site...
Rob Day (BOFH)
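
The mktemp/mkstemp difference discussed in this thread, as an added example that is not part of the original messages and is not code from GNU patch. The scratch directory, the file names and the helpers `open_name_then_create` and `run_case` are hypothetical; the scenario is constructed and stays inside a private directory.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mktemp-style pattern: the name is chosen first and opened later without
 * O_EXCL, so whatever exists at that path by then is followed and truncated. */
static int open_name_then_create(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Constructed scenario inside a private scratch directory: "guessed" is a
 * predictable temp name that already links to "other" before we open it.
 * use_mkstemp = 0 runs the old pattern, 1 runs mkstemp(), which creates its
 * own file with O_CREAT|O_EXCL and mode 0600.
 * Returns the size of "other" afterwards (4 = untouched, 0 = truncated) and
 * stores the permission bits of the descriptor we got in *mode. */
static long run_case(int use_mkstemp, unsigned *mode)
{
    char dir[] = "/tmp/mkstemp-demo-XXXXXX", other[64], guessed[64], tmpl[64];
    struct stat st;
    long result = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(other, sizeof other, "%s/other", dir);
    snprintf(guessed, sizeof guessed, "%s/guessed", dir);
    snprintf(tmpl, sizeof tmpl, "%s/pXXXXXX", dir);
    int fd = open(other, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd >= 0 && write(fd, "keep", 4) == 4 && symlink(other, guessed) == 0) {
        close(fd);
        fd = use_mkstemp ? mkstemp(tmpl) : open_name_then_create(guessed);
        if (fd >= 0 && fstat(fd, &st) == 0) {
            *mode = st.st_mode & 0777;
            if (stat(other, &st) == 0) result = (long)st.st_size;
        }
    }
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(guessed); unlink(other); rmdir(dir);
    return result;
}

int main(void)
{
    unsigned m = 0;
    long old = run_case(0, &m), safe = run_case(1, &m);
    printf("name-then-open: %ld bytes left; mkstemp: %ld, mode %o\n", old, safe, m);
    return 0;
}
```

With the name-then-open pattern the unrelated file ends up empty; with mkstemp it keeps its 4 bytes and the temporary file is a fresh one readable only by its owner.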