On Thu, Jul 22, 2004 at 05:37:55PM -0400, Andres Salomon wrote:
> On Thu, 2004-07-22 at 08:57 -0700, Matt Zimmerman wrote:
> > On Thu, Jul 22, 2004 at 03:14:19AM -0400, Andres Salomon wrote:
> >
> [...]
> > > 0644. This is quite bad; an unsuspecting user might be storing
> > > sensitive information in session variables, assuming that the class
> > > stores data securely.
> >
> > I assume 1.8.1-9 in stable has the same problem?
> >
>
> You mean the ruby packages in stable (1.6.7-3)? The behavior in Woody
> is the same.
On Thu, Jul 22, 2004 at 05:37:55PM -0400, Andres Salomon wrote:
> On Thu, 2004-07-22 at 08:57 -0700, Matt Zimmerman wrote:
> > On Thu, Jul 22, 2004 at 03:14:19AM -0400, Andres Salomon wrote:
> >
> [...]
> > > 0644. This is quite bad; an unsuspecting user might be storing
> > > sensitive information in session variables, assuming that the class
> > > stores data securely.
> >
> > I assume 1.8.1-9 in stable has the same problem?
> >
>
> You mean the ruby packages in stable (1.6.7-3)? The behavior in Woody
> is the same.
Right, I read the display crooked. :-)
Please keep the security team in the loop.
--
- mdz