See also this post in the CERT vulnerability analysis blog: http://www.cert.org/blogs/vuls/2008/07/using_package_managers.html They have assigned a vulnerability number to this issue (VU#230187) but it doesn't seem to be public yet.
See also this post in the CERT vulnerability analysis blog: http:// www.cert. org/blogs/ vuls/2008/ 07/using_ package_ managers. html
They have assigned a vulnerability number to this issue (VU#230187) but it doesn't seem to be public yet.