[Rd] Security issue with javareconf script (PR#12636)

From: <tcallawa_at_redhat.com>
Date: Fri, 29 Aug 2008 17:35:07 +0200 (CEST)


Full_Name: Tom Callaway
Version: 2.7.2
OS: Fedora 10 (Linux/x86_64)
Submission from: (NULL) (96.233.67.230)

Recently, Debian identified a security issue with the javareconf script in R. I confirmed that this is still unfixed in R 2.7.2.

The following patch resolves the issue:

diff -up R-2.7.2/src/scripts/javareconf.BAD R-2.7.1/src/scripts/javareconf
--- R-2.7.2/src/scripts/javareconf.BAD  2008-08-29 11:04:21.000000000 -0400
+++ R-2.7.2/src/scripts/javareconf	2008-08-29 11:05:34.000000000 -0400
@@ -125,16 +125,17 @@ fi
 javac_works='not present'
 if test -n "$JAVAC"; then

     javac_works='not functional'
- rm -rf /tmp/A.java /tmp/A.class


R-devel_at_r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel Received on Fri 29 Aug 2008 - 15:41:55 GMT

Archive maintained by Robert King, hosted by the discipline of statistics at the University of Newcastle, Australia.
Archive generated by hypermail 2.2.0, at Fri 29 Aug 2008 - 19:38:16 GMT.

Mailing list information is available at https://stat.ethz.ch/mailman/listinfo/r-devel. Please read the posting guide before posting to the list.

list of date sections of archive