On Wed, Apr 05, 2006 at 11:00:16AM +0200, Moritz Muehlenhoff wrote:
> Steve Langasek wrote:
> > > > This bug has been pending for more than two months and no fix in Debian
> > > > yet... Does Bruno still track his bugs?

> > > > Here are two patches for both Sarge and Sid versions.

> > > > Pierre Riteau

> > > > (CC'ing [EMAIL PROTECTED] for the stable fix, and the
> > > > Co-Maintainer as I don't know if he receives BTS replies)
> > > > (Email address in previous message for tagging is wrong, I was playing
> > > > with bts thinking it wouldn't commit the changes)

> > > Xmame is non-free and thus not supported by the Security Team.
> > > (Only the relatively obscure -svgalib version is affected, anyway.)

> > Is it the case that this bug doesn't affect the other frontends *at all*, or
> > just that, not being suid root, it's just an arbitrary code execution bug
> > instead of a root exploit?

> It's a local vulnerability, the only security ramification would be a 
> privilege escalation:

If untrusted input can trigger arbitrary code execution, then that still has
security implications.  I don't think that most users only use trusted ROMs
with xmame. :)

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
