diff options
| author | Nikolaus Schulz <microschulz@web.de> | 2006-10-27 02:12:45 +0000 |
|---|---|---|
| committer | Nikolaus Schulz <microschulz@web.de> | 2006-10-27 02:12:45 +0000 |
| commit | e491da3a113ed15e5966a78b4461613b56c4b582 (patch) | |
| tree | fff232f68ceeb4fdc8812717f17458f77b48fb28 /archivemail.1 | |
| parent | 0a666a10a6d1da376d4d1ec811f2db00e7877e1b (diff) | |
| download | archivemail-e491da3a113ed15e5966a78b4461613b56c4b582.tar.gz archivemail-e491da3a113ed15e5966a78b4461613b56c4b582.tar.bz2 archivemail-e491da3a113ed15e5966a78b4461613b56c4b582.zip | |
test_archivemail.py: fixed unsafe creation of temporary files.
Derive all testcases that create temporary files from the new class
TestCaseInTempdir, which provides standard fixtures to set up a secure temporary
root directory for tempfiles and cleaning up afterwards. This also simplifies
the code.
This addresses Debian bug #385253, and reading the BTS log, it seems this issue
was assigned CVE-2006-4245, although I cannot find any further reference to that
CVE. Note that the bug was initially reported to affect archivemail itself,
too. This is not correct. There *are* race conditions with archivemail, but
they were not subject of that report, and are not that critical.
Also bumped python dependency to version 2.3 since we use tempfile.mkstemp() and
other recent stuff.
Diffstat (limited to 'archivemail.1')
0 files changed, 0 insertions, 0 deletions