Hi Tim, * Tim Brown <[EMAIL PROTECTED]> [2008-02-19 20:08]: > I've just notice that the security tracker > http://security-tracker.debian.net/tracker/status/release/unstable has been > updated for festival. However it is wrong. This bug *is* remotely > exploitable (due to the afore mentioned lack of ACLs).
Sure it is :) The remote exploitability status isn't set manually by us. This is extracted automatically from the NVD text http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4074 which doesn't mention the word 'remote'. I think that's the reason. Patches welcome :) Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpCeDRwjixSc.pgp
Description: PGP signature