Package: openobex-apps
Version: 1.2-2
Severity: serious
Tags: security

If you "ircp -r", and someone sends you a file, the filename provided by
the remote source is used -- even if the file still exists.

The source actually has a TODO about this:

//TODO! Rename file if already exist.

(line 129, ircp_io.c)

I think this is quite dangerous, because you could be doing ircp -r in
your homedir, and get '.bashrc' or so accidentally.

Of course, risk is quite limited due to the need of physical proximity,
but still.

--Jeroen

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages openobex-apps depends on:
ii  libbluetooth1                 2.25-1     Library to use the BlueZ Linux Blu
ii  libc6                         2.3.6-7    GNU C Library: Shared libraries
ii  libopenobex1                  1.2-2      OBEX protocol library
ii  libusb-0.1-4                  2:0.1.12-2 userspace USB programming library

openobex-apps recommends no packages.

-- no debconf information

-- 
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
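
The "rename file if already exist" behaviour named in the TODO, sketched as an added example; it is not code from openobex or from the reporter. The helper name `open_received_file`, the `.N` suffix scheme and the limit of 99 attempts are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_SUFFIX 99   /* assumed limit on rename attempts */

/* Hypothetical helper, not part of openobex: create a file for an incoming
 * transfer in `dir` without ever replacing an existing file. On success the
 * chosen path is stored in `out` and a write-only fd is returned; on
 * failure -1 is returned and errno is set. */
int open_received_file(const char *dir, const char *remote_name,
                       char *out, size_t outlen)
{
    /* The name comes from the sender: accept a plain file name only. */
    if (remote_name[0] == '\0' || strchr(remote_name, '/') != NULL ||
        strcmp(remote_name, ".") == 0 || strcmp(remote_name, "..") == 0) {
        errno = EINVAL;
        return -1;
    }
    for (int n = 0; n <= MAX_SUFFIX; n++) {
        int len = (n == 0)
            ? snprintf(out, outlen, "%s/%s", dir, remote_name)
            : snprintf(out, outlen, "%s/%s.%d", dir, remote_name, n);
        if (len < 0 || (size_t)len >= outlen) {
            errno = ENAMETOOLONG;
            return -1;
        }
        /* O_EXCL fails with EEXIST if anything (file, directory, symlink)
         * already has this name; check and create are one atomic step. */
        int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST)
            return fd;
    }
    errno = EEXIST;
    return -1;
}

int main(void)
{
    char path[4096];
    int fd = open_received_file(".", ".bashrc", path, sizeof path);
    if (fd < 0) { perror("open_received_file"); return 1; }
    printf("incoming file stored as %s\n", path);
    close(fd);
    return 0;
}
```

Run in a directory that already holds a `.bashrc`, the incoming file lands in `.bashrc.1` and the existing file is left untouched.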

