[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debian-med-packaging] Bug#496366: The possibility of attack with the help of symlinks in some Debian packages



On Monday 25 August 2008 05:56, Charles Plessy wrote:
> I have not followed the discussions on -devel closely. What is the
> relevance of this bug for the releasability of the package? Upstream is
> already at a much higher version number and I am not able to solve the
> prolem by myself.
>
> Since the vulnerabiilty can only be exploited by other local users, and
> since mafft is a scientific software either used on personnal computers
> or on scientific workstations in trusted environments, can I ignore the
> bug for Lenny and work with Upsteam on a fix in the latest release?

FTR: I've just added a comment to the bug log why I don't think that is 
appropriate.


Thijs

Attachment: pgpBMzgTNNNXk.pgp
Description: PGP signature


Reply to: