CVE-2014-1938: still uses /tmp insecurely (forwarding from Debian BTS #737627) #42
Comments
The simplest solution is of course to refuse the temptation to use /tmp as a cache, because it's really not suitable for this purpose. The downside of this solution is that, unlike
Switching to
We forked https://pypi.python.org/pypi/appdirs but I don't remember why we forked instead of bundled.
@copyninja @jwilk: If one of you wants to confirm that #43 resolves the issue I can merge and do a release later today.
XDG Base Directory Specification says:
But your code creates directories with default permissions.
@jwilk fixed.
Hello,
There has been a security issue reported at Debian against rply. This issue is more than a year old. Can this be fixed by upstream?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737627
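An added example, not rply's code and not the change made in #43: one way to keep a per-user cache out of /tmp and address the permissions point raised in the thread. It creates the directory under `XDG_CACHE_HOME` (falling back to `~/.cache`) with mode 0700, the mode the XDG Base Directory Specification names for directories an application has to create, and refuses a pre-existing path that is a symlink, is owned by another user, or is accessible to group or others. The names `secure_cache_dir`, `cache_root`, `UnsafeCacheDir` and the application name `rply-example` are assumptions made for this sketch.

```python
import os
import stat
import tempfile


class UnsafeCacheDir(Exception):
    """The cache directory cannot be trusted by the current user."""


def cache_root(env=None):
    # Use XDG_CACHE_HOME when it is an absolute path, otherwise ~/.cache.
    env = os.environ if env is None else env
    base = env.get("XDG_CACHE_HOME", "")
    if not os.path.isabs(base):
        base = os.path.join(os.path.expanduser("~"), ".cache")
    return base


def secure_cache_dir(app, env=None):
    """Return a private cache directory for `app`, creating it if needed."""
    root = cache_root(env)
    path = os.path.join(root, app)
    os.makedirs(root, mode=0o700, exist_ok=True)
    try:
        # Explicit mode: do not rely on the process umask to make it private.
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # Something is already there: validate it before trusting it.

    # lstat() does not follow symlinks, so a link planted at `path` is seen
    # as a link and rejected rather than silently followed.
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeCacheDir(f"{path} is not a real directory")
    if st.st_uid != os.geteuid():
        raise UnsafeCacheDir(f"{path} is owned by uid {st.st_uid}")
    if st.st_mode & 0o077:
        raise UnsafeCacheDir(f"{path} is accessible to group or others")
    return path


if __name__ == "__main__":
    # Constructed environment so the demo does not touch the real ~/.cache.
    demo_env = {"XDG_CACHE_HOME": tempfile.mkdtemp()}
    print(secure_cache_dir("rply-example", demo_env))
```

Cached files written under the returned directory inherit its protection only if it stays at 0700, so the check runs on every call rather than only at creation.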