Hello Dirk,

On Saturday, 08.11.2014, at 11:58 +0100, Dirk Bächle wrote:
> Hi Jörg,
>
> On 08.11.2014 11:42, Jörg Frings-Fürst wrote:
> > Hello,
> >
> > from Helmut Grohne <hel...@subdivi.de> I have just got:
> >
> > [...]
> > Any hints about this?
> I fail to see how this affects the integrity and security of a Debian
> installation/distribution. When Helmut Grohne says that "the Debian
> package almost certainly should revert it." is this based on anything
> more than his very personal opinion, and a good portion of FUD?
>

From IRC:

[08:00:45] <helmut> is having "." in the library path for a python application generally considered a vulnerability?
[08:45:03] <womble> helmut: It certainly isn't a *good* thing. If it runs with any sort of elevated privileges, it's *definitely* exploitable.
[09:56:04] <carnil> helmut, womble: reminds me as example to perl e.g. there is #588017, one puppet CVE in similar regard was http://puppetlabs.com/security/cve/cve-2014-3248, or #591676
[09:56:14] [zwiebelbot] Debian#588017: perl: current directory in @INC potentially harmful - https://bugs.debian.org/588017
[09:56:15] [zwiebelbot] Debian#591676: pylint: please either disable or document dynamic checks - https://bugs.debian.org/591676

> Best regards,
>
> Dirk

CU
Jörg

--
pgp Fingerprint: 7D13 3C60 0A10 DBE1 51F8 EBCB 422B 44B0 BE58 1B6E
pgp Key: BE581B6E
CAcert Key S/N: 0E:D4:56
Jörg Frings-Fürst
D-54526 Niederkail
Threema: SYR8SJXB
IRC: j_...@freenode.net
     j_...@oftc.net
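
The question raised in the IRC excerpt above, as an added example that is not part of the original message or of SCons: a check that flags Python module search path entries which resolve against the current directory, and reports whether that directory is world-writable. The function names and the sample values are assumptions made for illustration.

```python
import os
import stat
import sys


def cwd_dependent_entries(search_path, cwd=None):
    """Flag search path entries that resolve against the current directory.

    Returns a list of (index, entry, resolved_dir, world_writable) tuples.
    Hypothetical helper written for this example.
    """
    cwd = os.path.realpath(cwd or os.getcwd())
    findings = []
    for index, entry in enumerate(search_path):
        # "" is how Python spells "current directory" in sys.path; "." and
        # any other relative entry are likewise resolved at import time.
        if entry != "" and os.path.isabs(entry):
            continue
        resolved = os.path.realpath(os.path.join(cwd, entry))
        try:
            mode = os.stat(resolved).st_mode
            world_writable = bool(mode & stat.S_IWOTH)
        except OSError:
            # Directory does not exist, so nothing can be loaded from it now.
            world_writable = False
        findings.append((index, entry, resolved, world_writable))
    return findings


def without_cwd_entries(search_path):
    """Return a copy of the path with empty and relative entries removed."""
    return [p for p in search_path if p != "" and os.path.isabs(p)]


if __name__ == "__main__":
    # Audit the interpreter's own search path from the directory it runs in.
    for index, entry, resolved, writable in cwd_dependent_entries(sys.path):
        print("sys.path[%d]=%r -> %s (world-writable: %s)"
              % (index, entry, resolved, writable))
```

The index matters because entries earlier in the list take precedence over later ones, including the standard library directories.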
_______________________________________________ Scons-dev mailing list Scons-dev@scons.org https://pairlist2.pair.net/mailman/listinfo/scons-dev