Re: Bug#508111: devscripts: Insecure tempfile creation (redux).

2008-12-08 Thread Adam D. Barratt
Nico Golde wrote, Mon, 8 Dec 2008 11:25:36 +0100: [...] Nico Golde wrote, Monday, December 08, 2008 8:36 AM: [...] > No this is correct, devscripts is vulnerable to a symlink attack before the fix (for example signfile()). [...] Just had a look again at this issue. It should be no real proble

Re: Bug#508111: devscripts: Insecure tempfile creation (redux).

2008-12-08 Thread Nico Golde
Hi, * Adam D. Barratt <[EMAIL PROTECTED]> [2008-12-08 11:03]: > Nico Golde wrote, Monday, December 08, 2008 8:36 AM: > >* Adam D. Barratt <[EMAIL PROTECTED]> [2008-12-08 09:09]: > >> On Mon, 2008-12-08 at 01:31 +0100, Cyril Brulebois wrote: > >> [...] > >> > Since the filename is predictable, I gue

Re: Bug#508111: devscripts: Insecure tempfile creation (redux).

2008-12-08 Thread Adam D. Barratt
Hi, Nico Golde wrote, Monday, December 08, 2008 8:36 AM: * Adam D. Barratt <[EMAIL PROTECTED]> [2008-12-08 09:09]: > On Mon, 2008-12-08 at 01:31 +0100, Cyril Brulebois wrote: > [...] > > Since the filename is predictable, I guess debsign is vulnerable to symlink attacks and the like (al