[Bug 1917128] Review Request: efitools - Tools to manipulate EFI secure boot keys and signatures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1917128



--- Comment #10 from Vasiliy Glazov <vascom2@xxxxxxxxx> ---
1. LGPG license name must be LGPLv2 instead of LGPLv2.1

2. rpmlint errors
efitools.x86_64: E: call-to-mktemp /usr/bin/efi-readvar
efitools.x86_64: E: call-to-mktemp /usr/bin/efi-updatevar
should be reported to upstream.

$ rpmlint -I call-to-mktemp
call-to-mktemp:
This executable calls mktemp. As advised by the manpage (mktemp(3)), this
function should be avoided. Some implementations are deeply insecure, and
there is a race condition between the time of check and time of use (TOCTOU).
See http://capec.mitre.org/data/definitions/29.html for details, and contact
upstream to have this issue fixed.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux