
[SECURITY] [DSA 1012-1] New unzip packages fix arbitrary code execution



Dear Luca:

I was wrong: In their 2004 paper, Bouyer, Brinksma, and Larsen say that they
would like to see an extension of their result to a setting with
adversaries. Now the question is what kind of adversary they were thinking
of. Well, they refer to the 2004 paper by Alur, Bernadsky, and Madhusudan. And
in that paper, the timed game version you mention in your report is used
rather than the one that is used in the submission. 

Thanks for replying promptly and making that clear to me! The submission
deserves exactly what you suggest (although it is a pity in view of the first
part, no?).

Best regards,
Thomas


