Re: CAN-2003-0020?
On Sun, Apr 18, 2004 at 08:47:16PM +0200, Jan L?hr wrote:
> Am Sonntag, 18. April 2004 18:56 schrieb Matt Zimmerman:
> > On Sat, Apr 17, 2004 at 10:16:11PM +0200, Jan L??hr wrote:
> > > what about
> > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 ? Is
> > > debian finally going to fix it?
> >
> > Current consensus between the security team and the Apache maintainers is
> > that it is not necessary to fix this in woody.
>
> Ehm... why ? ;)
The same issue applies to any file which contains data supplied by an
untrusted source. This is a fundamental Unix feature (or flaw). Terminal
control sequences may be contained in the data.
> What about sarge or sid?
If this were important to you, I expect you would have read the changelog
already, and discovered that it has been fixed in sarge and sid for over a
month.
--
- mdz
Reply to: