Format: 1.8
Date: Wed, 23 Aug 2023 10:43:16 +0200
Source: sitesummary
Architecture: source
Version: 0.1.55
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 1050289
Changes:
 sitesummary (0.1.55) unstable; urgency=medium
 .
   [ Guido Berhoerster ]
   * Fix insecure temporary file and directory creation, error checking.
     Securely create a temporary directory using mktemp and check for errors
     both when creating the directory and when changing the current working
     directory. Place the tarball inside the temporary directory instead of
     using a predictable file name in /tmp which may lead to a symlink attack.
     Ensure the temporary directory is always removed. (Closes: #1050289).
   * Use quoting for fragments.
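
The pattern the changelog entry describes, as an added example that is not sitesummary's own code: a private directory from mktemp, error checks on both the creation and the cd, the tarball kept inside that directory, and a trap that removes it on every exit path. The function name collect_report, the "report" file names and the destination argument are hypothetical.

```shell
#!/bin/sh
# Added illustration; not taken from the sitesummary package.
#
# Pattern the changelog calls insecure (shown for contrast, never executed):
#   tarball=/tmp/report.tar.gz   # predictable name in a world-writable directory
#   cd "$src"; tar -czf "$tarball" .
# A local user can pre-create that path as a symlink, and a failed cd goes
# unnoticed, so tar packs whatever directory the script happened to be in.

# collect_report SRC DEST  (hypothetical helper)
#   SRC:  directory holding the fragments to pack
#   DEST: path the finished tarball is copied to; assumed to be in a
#         directory only the calling user can write to
collect_report() {
    src=$1
    dest=$2
    (
        # mktemp -d creates the directory atomically, mode 0700, with an
        # unpredictable name; stop if it cannot be created.
        tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/report.XXXXXXXXXX") || {
            echo "cannot create temporary directory" >&2
            exit 1
        }
        # Remove the directory on every exit path. Turning signals into a
        # normal exit makes the EXIT trap run in shells such as dash too.
        trap 'rm -rf -- "$tmpdir"' EXIT
        trap 'exit 1' HUP INT TERM

        # Check the directory change before packing anything.
        cd -- "$src" || {
            echo "cannot change directory to $src" >&2
            exit 1
        }

        # The tarball lives inside the private directory, not directly in /tmp.
        tar -czf "$tmpdir/report.tar.gz" . || exit 1
        cp -- "$tmpdir/report.tar.gz" "$dest" || exit 1

        # Print the directory name so a caller can confirm it was removed.
        printf '%s\n' "$tmpdir"
    )
}
```

The subshell keeps the cd and the traps from leaking into the calling script, and the function's exit status is the subshell's.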