Hi Thomas, * Thomas Schmidt <tschmidt@debian.org> [2008-10-02 14:23]: > Am Donnerstag, den 02.10.2008, 13:45 +0200 schrieb Nico Golde: > > an insecure temporary file creation was reported to the vdr some time ago. > > This is Debian bug #496421. > > > > Unfortunately the vulnerability is not important enough to get it fixed via > > regular security update in Debian stable. It does not warrant a DSA. > > > > However it would be nice if this could get fixed via a regular point update[0]. > > Please contact the release team for this. > > Thank you for your efforts, but in this case an update for stable is not > necessary, because the buggy code hat not been part of any stable release, > it was introduced in version 1.6.0-1, while current stable only has version > 1.4.4-1. Thank you, this was not known to us so far. I added this to the security tracker. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpxj09dAr4gj.pgp
Description: PGP signature