Hi Steve,

* Steve Kemp <skx@debian.org> [2007-12-07 20:26]:
> On Fri Dec 07, 2007 at 18:41:35 +0100, Nico Golde wrote:
> > What about those, are they unimportant?
> > They are still present in the etch code. I stumbled
> > upon them while preparing a testing-security upload.
>
> Unknown. I used the patch provided by Theodore Tso, which he
> is/was planning on using for Sid/Ubuntu.
>
> If there are missing bits then we'll need to reissue the update,
> but right now I believed the patch was as complete as it needed
> to be.
[...]

I asked Ted about this, I just quote what he wrote:
"I don't consider that to be a high priority issue, since it's not
likely that an attacker would be able to trick an administrator to run
resize2fs on some random filesystem image while running as root."

So decide on your own if this warrants an update of the DSA,
he will include this in 1.40.4.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.