On Mon, Sep 23, 2013 at 05:37:47PM +0200, Radovan Garabik <gara...@kassiopeia.juls.savba.sk> wrote a message of 55 lines which said:
> The "$2" is in quotes, and anyway it is invoked via execl(3), so I > cannot find a way how to subvert the script - that is not to say I > do not believe this is a real risk, I just do not see an obvious way > how to exploit it. No, I do not have an exploit, I was just concerned. May be I've just read too many PHP scripts but it seems to me you're tempting the devil. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org