Per my vac message if you guys can put together a quick release in the
next day or so that would be great. It will otherwise be Tuesday at
the earliest. Chris.

On 6/4/08, Thijs Kinkhorst <[EMAIL PROTECTED]> wrote:
> On Wed, June 4, 2008 14:27, Thomas Arendsen Hein wrote:
>> I encountered this bug in the real world: I extracted a tarball
>> which contained a file named token.py, then I wanted to report a problem
>> and therefore started reportbug.
>>
>> This tarball did not contain harmful code, but as I did not verify
>> it before (because I did not intend to execute parts of it), it could have
>> been harmful.
>>
>> And of course there is /tmp as mentioned by Nico Golde.
>
> That it can happen by accident does not mean that it is easy to explicitly
> exploit. I still believe that those chances are small enough to not
> consider an update to stable (needs local malicious user, needs victim
> user to run reportbug in exactly the right dir, and only then provides
> access to "just" the user account).
>
> If the maintainer wants to provide an update through a stable point update
> that is of course fine.
>
>
> Thijs

-- 
Christopher N. Lawrence, Ph.D. <[EMAIL PROTECTED]>
Visiting Assistant Professor of Political Science
Tulane University
309 Norman Mayer Building
New Orleans, Louisiana 70118-5698

Website: http://www.cnlawrence.com/
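
A defensive check for the situation described in this thread, a stray `token.py` in the directory where a Python tool is started. This is an added example, not code from the thread or from reportbug; it assumes the tool's module search path includes the current directory, and the function names are hypothetical.

```python
import os
import sys
import tempfile

# sys.stdlib_module_names exists on Python 3.10+; the short fallback set is an
# assumption for older interpreters and is deliberately incomplete.
STDLIB = frozenset(getattr(sys, "stdlib_module_names",
                           ("token", "os", "re", "email", "tempfile")))

def shadowing_entries(directory):
    """Return sorted names in `directory` that would shadow a stdlib module."""
    hits = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        stem, ext = os.path.splitext(name)
        if os.path.isfile(path) and ext in (".py", ".pyc") and stem in STDLIB:
            hits.append(name)
        # A directory only wins the import if it is a regular package.
        elif name in STDLIB and os.path.isfile(os.path.join(path, "__init__.py")):
            hits.append(name + "/")
    return sorted(hits)

def cwd_is_importable(path=None):
    """True if a search-path entry ('' or '.' included) resolves to the cwd."""
    entries = sys.path if path is None else path
    cwd = os.path.realpath(os.getcwd())
    return any(os.path.realpath(p or ".") == cwd for p in entries)

def demo():
    # Constructed sample: a directory laid out like an unpacked tarball.
    with tempfile.TemporaryDirectory() as d:
        for name in ("token.py", "README", "setup.py"):
            open(os.path.join(d, name), "w").close()
        return shadowing_entries(d)

if __name__ == "__main__":
    print("cwd on sys.path:", cwd_is_importable())
    print("shadowing files in cwd:", shadowing_entries(os.getcwd()))
    print("constructed demo:", demo())
```

Run from a directory such as `/tmp` or a freshly extracted tarball, a non-empty result together with the cwd being on the search path means a local file would be imported in place of the standard library module.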


