Re: CAN-2003-0020?
Greetings,
Am Sonntag, 18. April 2004 20:58 schrieb Matt Zimmerman:
> On Sun, Apr 18, 2004 at 08:47:16PM +0200, Jan L?hr wrote:
> > Am Sonntag, 18. April 2004 18:56 schrieb Matt Zimmerman:
> > > On Sat, Apr 17, 2004 at 10:16:11PM +0200, Jan L??hr wrote:
> > > > what about
> > > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 ? Is
> > > > debian finally going to fix it?
> > >
> > > Current consensus between the security team and the Apache maintainers
> > > is that it is not necessary to fix this in woody.
> >
> > Ehm... why ? ;)
>
> The same issue applies to any file which contains data supplied by an
> untrusted source. This is a fundamental Unix feature (or flaw). Terminal
> control sequences may be contained in the data.
Ok, seems reasonable.
> > What about sarge or sid?
>
> If this were important to you, I expect you would have read the changelog
> already, and discovered that it has been fixed in sarge and sid for over a
> month.
Sorry, my source-tree was a little bit outdated - just asking, 'cause it was
in issue on debian-user-german.
Keep smiling, thanks
yanosz
Reply to: