Comment 5 for bug 909189

Revision history for this message
Julian Taylor (jtaylor) wrote :

thanks for incorporating my suggestions. (note subprocess.check_ouput only works with python2.7 which is fine in ubuntu but maybe not for all your other users)

I saw another issue with insecure temporary file use in setnextalarm.py and alarm.py and most scripts.
please use tempfile.TemporaryFile in python and mkstemp in shellscripts so the tempfiles cannot be abused via race conditions.
E.g. the tmpfile data/scripts/wakeup is exploitable for privilige escalation and needs a security update in ubuntu oneiric.

Also please make sure the debdiff applies against the package currently in ubuntu, your last diff does not apply against debian/changelog and debian/control