[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: TPU for slim



Hi,
* Mike Massonnet <mmassonnet@gmail.com> [2009-07-22 16:36]:
> 2009/7/22 Nico Golde <debian-release+ml@ngolde.de>:
> > I'd vote for removing it completely with my security team
> > hat on. Regarding just this bug it should work to fix this
> > with:
> > screenshot_cmd      scrot $(mktemp -d /tmp/scrot_slim.XXXXXX)/scrot.jpg
> >
> > as this is passed to system(), I didn't test this though.
> 
> What does this mean for the state of the package version in lenny? Do
> you or not consider to remove it?

For lenny this is no option as vulnerable installations 
would stay vulnerable.

> Except the screenshot command I haven't been noticed of anything else.

What do you mean? What about #529306 and #536542?

> And what does it  mean for the state of the package 
> version in sid? Is the new version considered to
> be left out from the debian archive?

I'd remove slim completely from unstable.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp4jSR0DyHq_.pgp
Description: PGP signature


Reply to: