Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages

To: debian-devel@lists.debian.org
Subject: Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages
From: Raphael Geissert <atomo64+debian@gmail.com>
Date: Mon, 25 Aug 2008 21:10:14 -0500
Message-id: <[🔎] g8vona$3cv$1@ger.gmane.org>
References: <[🔎] 20080825051600.GV4939@mykerinos.kheops.frmug.org> <[🔎] 20080825094217.GC1341@kunpuu.plessy.org>

Charles Plessy wrote:

> Le Mon, Aug 25, 2008 at 07:16:00AM +0200, Christian Perrier a écrit :
>> 
>> - timing wrt the release
>> - timing wrt the "half of the developers are VAC" status we generally
>>   have in August
>> - the obvious lack of preparation
> 
> In addition, security issues should better be reported upstream first so
> that all the distributions have a chance of providing corrected versions
> when the details are made public…

doesn't apply for maintainer scripts, but I agree they should *also* be
reported to upstream.

> 
> Have a nice day,
> 

Cheers,
Raphael

Reply to:

References:
- Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages
  - From: Christian Perrier <bubulle@debian.org>
- Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages
  - From: Charles Plessy <plessy@debian.org>

Prev by Date: Re: Arch-dependent Depends
Next by Date: [Suggestion] Reject Mail to ITP Bug
Previous by thread: Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages
Next by thread: Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages
Index(es):
- Date
- Thread