On Thu, Jan 17, 2008 at 02:38:45PM +0000, Steve Kemp wrote: > Felipe Sateler discovered that apt-listchanges, a package change history > notification tool, used unsafe paths when importing its python libraries. > This could allow the execution of arbitary shell commands if the root user > executed the command in a directory which other local users may write > to. Still that breaks because os is not imported. Please fix. Quickly. Kind regards, Philipp Kern -- .''`. Philipp Kern Debian Developer : :' : http://philkern.de Debian Release Assistant `. `' xmpp:phil@0x539.de Ubuntu MOTU `- finger pkern/key@db.debian.org
Attachment:
signature.asc
Description: Digital signature