Re: TeTeX bugs
Denis Barbier <barbier@imacs.polytechnique.fr> writes:
>
> On Tue, 14 Mar 2000, Dylan Paul Thurston wrote:
>
> > On Tue, Mar 14, 2000 at 01:11:03PM +0100, Stephane Bortzmeyer wrote:
> > > Since the teTeX in slink works fine and the one is potato is broken
> > > (a bug in babel which prevents compilation of *every* document in
> > > French), I prefer the old stuff.
> >
> > Surely that should be an important bug (#42698)? In fact, browsing
> > the bugs against tetex-base, several of them seem important, including
> > at least one security bug (#57746, same as #32652). Should I upgrade
> > them? Unfortunately, the security bug seems non-trivial to fix.
>
> Where is this security flaw?
> There has been no response to the question asked by Christoph Martin on
> 1 Feb 1999
> <URL:http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=32652>
>
We discussed that issue widely in the past. There is no real risc in
having this directories world writable. If only ths ls -lR file is not
writable. This file is updated from cron every night and we are
working on a suid-script which can do it from users.
Christoph
--
============================================================================
Christoph Martin, Uni-Mainz, Germany
Internet-Mail: Christoph.Martin@Uni-Mainz.DE
--------------export-a-crypto-system-sig -RSA-3-lines-PERL------------------
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
Reply to: