21 Aug
2005
21 Aug
'05
7:22 a.m.
On Thu, Aug 18, 2005 at 03:45:26PM +0200, Wolfram Quester wrote:
Hi all,
On Tue, Aug 16, 2005 at 10:22:17PM -0300, bulia byak wrote:
On 8/16/05, Jon Phillips <jon@...235...> wrote:
In reading through my technorati filter for Inkscape, I found this insecurity announcement. Should this be filed?
It says it's fixed in 0.42.
Yes, I just checked that none of this stuff is left in the extensions directory. All occurrences of this type of insecure tempfile handling were fixed by pjrm at least 4 months ago. The bug is present in 0.39, 0.40 and 0.41. Since 0.41 is the version in debian sarge I sent fixed package to debian's security team.
What exactly was the fix?
Bryce