severity 546903 minor thanks Hi Joerg,
Joerg Scheurich aka MUFTI ha scritto: > So i should say something about the impact and attack vectors: > > To enable the problem, white_dune must be compiled with the --with-aflockdebug > option of ./configure. The debian binary versions are not compiled with > the --with-aflockdebug option, therefore the debian binary versions are > not vulnerable. Thanks for spotting it. > Summary: I don't think, it is very likely that a attacker would trick a > debian user to recompile the white_dune 0.14 package with the > --with-aflockdebug configure option and then would trick him/her > to enter a rather strange filename for the -calfile commandline > option. > Nevertheless, there is no good reason not to fix this minor problem > in the debian sourcetree... > Indeed, set minor as severity. Cheers, Giuseppe.
signature.asc
Description: OpenPGP digital signature