Javier Fernández-Sanguino Peña wrote:
> I think the current status is pretty dangerous, since some weird commands
> might get executed and there seems to be a chance to create a malformed
> package that will end up running arbitrary code on behalf of the user.
> Although I have not investigated that possibility. (that's why I'm not
> setting this bug at a higher severity and tagging it security, although I'm
> tempted to, see the attached script.

Where is the problematic rpm in question? I'm not 100% sure, but your patch seems to be mostly treating symptoms and not underlying, possibly exploitable problems.

--
see shy jo