Package: libclipboard-perl / 0.13-1

insecure-tempfile.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Description: Fix insecure use of temporary files.
 This is CVE-2014-5509.
Origin: vendor
Bug: https://rt.cpan.org/Public/Bug/Display.html?id=98435
Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=98435
Author: gregor herrmann <gregoa@debian.org>
Last-Update: 2016-08-13

--- a/scripts/clipedit
+++ b/scripts/clipedit
@@ -1,10 +1,11 @@
 #!/usr/bin/perl
 use strict;
 use Clipboard;
+use File::Temp qw( tempfile );
 
 my $orig = Clipboard->paste;
 
-my $tmpfilename = "/tmp/clipedit$$";
+my ($tmpfile, $tmpfilename) = tempfile();
 open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!";
 print $tmpfile $orig;
 close $tmpfile;