[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debian-med-packaging] Bug#496366: The possibility of attack with the help of symlinks in some Debian packages

tag 496366 help

Le Sun, Aug 24, 2008 at 10:05:28PM +0400, Dmitry E. Oboukhov a écrit :
> Package: mafft
> Severity: grave
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.

Hi all,

I have not followed the discussions on -devel closely. What is the
relevance of this bug for the releasability of the package? Upstream is
already at a much higher version number and I am not able to solve the
prolem by myself.

Since the vulnerabiilty can only be exploited by other local users, and
since mafft is a scientific software either used on personnal computers
or on scientific workstations in trusted environments, can I ignore the
bug for Lenny and work with Upsteam on a fix in the latest release?

Have a nice day,

Charles Plessy
Debian Med packaging team,
Tsurumi, Kanagawa, Japan

Reply to: