Re: scponly issue

To: Steffen Joeris <steffen.joeris@skolelinux.de>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: scponly issue
From: Florian Weimer <fweimer@bfk.de>
Date: Thu, 13 Dec 2007 11:01:59 +0100
Message-id: <[🔎] 82r6hqewvc.fsf@mid.bfk.de>
In-reply-to: <[🔎] 200712131014.00788.steffen.joeris@skolelinux.de> (Steffen Joeris's message of "Thu, 13 Dec 2007 10:13:55 +0100")
References: <[🔎] 200712131014.00788.steffen.joeris@skolelinux.de>

* Steffen Joeris:

> The scponly issue[0] is still marked as "high". The solution so far
> is to deactivate the svn support. To actually exploit it, one need
> to have a svn account already. Can we at least lower it to medium?
> Any thoughts on this?

This is a failure of a security component to enforce the configured
security policy, so "high" is warranted.

I'll make sure that we release an appropriate update for stable.

-- 
Florian Weimer                <fweimer@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

Reply to:

References:
- scponly issue
  - From: Steffen Joeris <steffen.joeris@skolelinux.de>

Prev by Date: scponly issue
Next by Date: temp names stop working when CVE assigned
Previous by thread: scponly issue
Next by thread: temp names stop working when CVE assigned
Index(es):
- Date
- Thread