
Re: Possible buffer overflows = security problem?



On Fri, Sep 05, 2003 at 11:07:12PM +0100, Dale Amon wrote:

> On Fri, Sep 05, 2003 at 08:19:46PM +0200, Frank Lichtenheld wrote:
> > The question that remains is: Does this require a security update for
> > the woody version of the package? Or should I just try to get this
> > fixed in the next release (of the package)?
> 
> I'd say yes. It's one for which someone might be able to
> craft an attack although there may be some uncertainty
> in that; but I've seen security updates with no more
> reason than that.

Only root has control over apt's package lists and the dpkg status file, so
I wouldn't be too concerned about this from a security standpoint.  It's
still sloppy, and I would think twice before stepping forward to take over
maintenance of such a program, rather than simply dropping it from the
distribution.

-- 
 - mdz


