Red Hat Bugzilla – Bug 168945
arc: insecure temp file creation (CAN-2005-2945)
Last modified: 2007-11-30 17:11:13 EST
BTW, Debian ships version 5.21l which according to the changelog also contains
some buffer overflow fixes.
I'll release 5.21l this week-end. Then probably declare arc orphaned.
I have little confidence in arc's code. It's old and licensing problems kept it
frozen for a long time. Since amavisd can use nomarch instead I have no need for
Unless people are actively fixing arc now it's GPL and work on nomarch stopped.
Didin't look at both projects lately.
Should be building.
Didn't check if it actually works after the build, the number of warnings is
Orphaning this pile of old code now, even the latest and greatest needed a build
patch :(. Seems even freebsd does not care anymore.