aboutsummaryrefslogtreecommitdiffstats
path: root/TODO
diff options
context:
space:
mode:
authorNikolaus Schulz <microschulz@web.de>2006-10-27 02:12:45 +0000
committerNikolaus Schulz <microschulz@web.de>2006-10-27 02:12:45 +0000
commite491da3a113ed15e5966a78b4461613b56c4b582 (patch)
treefff232f68ceeb4fdc8812717f17458f77b48fb28 /TODO
parent0a666a10a6d1da376d4d1ec811f2db00e7877e1b (diff)
downloadarchivemail-e491da3a113ed15e5966a78b4461613b56c4b582.tar.gz
archivemail-e491da3a113ed15e5966a78b4461613b56c4b582.tar.bz2
archivemail-e491da3a113ed15e5966a78b4461613b56c4b582.zip
test_archivemail.py: fixed unsafe creation of temporary files.
Derive all testcases that create temporary files from the new class TestCaseInTempdir, which provides standard fixtures to set up a secure temporary root directory for tempfiles and cleaning up afterwards. This also simplifies the code. This addresses Debian bug #385253, and reading the BTS log, it seems this issue was assigned CVE-2006-4245, although I cannot find any further reference to that CVE. Note that the bug was initially reported to affect archivemail itself, too. This is not correct. There *are* race conditions with archivemail, but they were not subject of that report, and are not that critical. Also bumped python dependency to version 2.3 since we use tempfile.mkstemp() and other recent stuff.
Diffstat (limited to 'TODO')
0 files changed, 0 insertions, 0 deletions