Package: tpp Version: 1.3.1-2 Severity: grave Tags: security Please feel free to downgrade the bug report or remove the security tag. It's just my point of view.
Opening an untrusted input file may be harmful, because tpp supports an "exec" command, which can do bad things, e.g. sending your private SSL or GnuPG files or removing your home directory without any warning or confirmation. The manual page does not mention this shell-style behaviour. It is probably unexpected of an presentation program, even a geeky one. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org