Hi, On Fri, 2010-01-22 at 15:11 +0100, Sven Joachim wrote: > I would like to upload a new version of the backup-manager to stable in > order to fix a (relatively minor) security issue. The fix is trivial, > just transposing to lines and thus ensuring that a password is not > written to a file until the world is denied read access. Full debdiff > is attached. > > There is certainly no need for a DSA, since the problem is similar to > CVE-2007-2766 (to be fixed in oldstable, no DSA), but even harder to > exploit.
It does indeed seem somewhat difficult to exploit. :) However, that doesn't imply that it shouldn't be fixed; please go ahead. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
