> > At the request of the gnumeric maintainer a new version is being released by
> > Red Hat which addresses potential security issues with the version of
> > gnumeric shipped in Red Hat Linux 6.0.
> [..]
>
> No useful data.

Yes, there is useful data.

The key sequence here is "At the request of the gnumeric maintainer"
and "potential security issues".

That would be me.  The main author.  The maintainer.

> I don't blindly update software just because the vendor told me to, on the
> assumption that "it must be good for me". I don't suspect a lot of people
> on this list do either...

Well, you can take my word for it.  The code used to have a serious
potential security hole.

It has been fixed for quite some time, but it never clicked into my
head until recently.  And the package as shipped by most people that
are using GNOME 1.0.x based systems included this problem.

Yes, you can find the problem if you go and review the last 10 or so
diffs of Gnumeric.  Not a big job, but why give away this information
for abuse right now?

Give people a chance to upgrade Gnumeric and I will happily share the
information with bugtraq (if someone does not read the 10 diffs in the
meantime).

Best wishes,
Miguel.
