Re: CAN-2003-0020?

To: debian-user-german@lists.debian.org
Subject: Re: CAN-2003-0020?
From: Jan Lühr <jluehr@gmx.net>
Date: Sun, 18 Apr 2004 22:32:55 +0200
Message-id: <[🔎] 200404182232.55077.jluehr@gmx.net>
In-reply-to: <20040418185821.GB12830@alcor.net>
References: <200404172216.11138.jluehr@gmx.net> <200404182047.16630.jluehr@gmx.net> <20040418185821.GB12830@alcor.net>

Greetings,

Am Sonntag, 18. April 2004 20:58 schrieb Matt Zimmerman:
> On Sun, Apr 18, 2004 at 08:47:16PM +0200, Jan L?hr wrote:
> > Am Sonntag, 18. April 2004 18:56 schrieb Matt Zimmerman:
> > > On Sat, Apr 17, 2004 at 10:16:11PM +0200, Jan L??hr wrote:
> > > > what about
> > > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 ? Is
> > > > debian finally going to fix it?
> > >
> > > Current consensus between the security team and the Apache maintainers
> > > is that it is not necessary to fix this in woody.
> >
> > Ehm... why ? ;)
>
> The same issue applies to any file which contains data supplied by an
> untrusted source.  This is a fundamental Unix feature (or flaw).  Terminal
> control sequences may be contained in the data.

Ok, seems reasonable.

> > What about sarge or sid?
>
> If this were important to you, I expect you would have read the changelog
> already, and discovered that it has been fixed in sarge and sid for over a
> month.

Sorry, my source-tree was a little bit outdated - just asking, 'cause it was 
in issue on debian-user-german.

Keep smiling, thanks
yanosz

Reply to:

Prev by Date: Re: Stable unsicher?
Next by Date: Re: Stable unsicher?
Previous by thread: IPv6 will nich so richtig funktionieren....
Next by thread: vsftpd + virtual users problem (pam?)
Index(es):
- Date
- Thread