* Nicolas François: > Release Managers, Security Team: > Do you want 505071 to be fixed also for Lenny? Do you mean "etch" instead of "lenny"? We'd probably release a DSA once there's a patch which has some track record, but as far as I can tell, the issue has not been fully analyzed yet. You guard against a symlink attack, but you don't seem to ensure that the TTY name retrieved from the utmp file is correct in the first place.