Message-ID: <email address hidden>
Date: Fri, 7 Oct 2005 07:36:33 +0200
From: Martin Schulze <email address hidden>
To: =?iso-8859-1?Q?Lo=EFc?= Minier <email address hidden>
Cc: Paul Szabo <email address hidden>, <email address hidden>,
Debian Security Team <email address hidden>
Subject: gnome-pty-helper foo
Could somebody explain the security implication for me?
being able to write arbitrary strings into valid records without
overwriting any other data in utmp/wtmp can hardly be classified
as a security vulnerability.
(Apart from that, I'm only slightly annoyed as I had to learn about
this via MITRE / GNOME Bugzilla instead of a mail from the maintainer
to the security team?)
Regards,
Joey
--
Everybody talks about it, but nobody does anything about it! -- Mark Twain
Please always Cc to me when replying to me on the lists.
Message-ID: <email address hidden> 1?Q?Lo= EFc?= Minier <email address hidden>
Date: Fri, 7 Oct 2005 07:36:33 +0200
From: Martin Schulze <email address hidden>
To: =?iso-8859-
Cc: Paul Szabo <email address hidden>, <email address hidden>,
Debian Security Team <email address hidden>
Subject: gnome-pty-helper foo
Could somebody explain the security implication for me?
being able to write arbitrary strings into valid records without
overwriting any other data in utmp/wtmp can hardly be classified
as a security vulnerability.
(Apart from that, I'm only slightly annoyed as I had to learn about
this via MITRE / GNOME Bugzilla instead of a mail from the maintainer
to the security team?)
Regards,
Joey
--
Everybody talks about it, but nobody does anything about it! -- Mark Twain
Please always Cc to me when replying to me on the lists.