Re: [Debian-med-packaging] Bug#496366: The possibility of attack with the help of symlinks in some Debian packages
tag 496366 help
Le Sun, Aug 24, 2008 at 10:05:28PM +0400, Dmitry E. Oboukhov a écrit :
> Package: mafft
> Severity: grave
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.
I have not followed the discussions on -devel closely. What is the
relevance of this bug for the releasability of the package? Upstream is
already at a much higher version number and I am not able to solve the
prolem by myself.
Since the vulnerabiilty can only be exploited by other local users, and
since mafft is a scientific software either used on personnal computers
or on scientific workstations in trusted environments, can I ignore the
bug for Lenny and work with Upsteam on a fix in the latest release?
Have a nice day,
Debian Med packaging team,
Tsurumi, Kanagawa, Japan