Comment 27 for bug 22052

Message-ID: <email address hidden>
Date: Fri, 7 Oct 2005 07:36:33 +0200
From: Martin Schulze <email address hidden>
To: =?iso-8859-1?Q?Lo=EFc?= Minier <email address hidden>
Cc: Paul Szabo <email address hidden>, <email address hidden>,
 Debian Security Team <email address hidden>
Subject: gnome-pty-helper foo

Could somebody explain the security implication for me?

being able to write arbitrary strings into valid records without
overwriting any other data in utmp/wtmp can hardly be classified
as a security vulnerability.

(Apart from that, I'm only slightly annoyed as I had to learn about
this via MITRE / GNOME Bugzilla instead of a mail from the maintainer
to the security team?)

Regards,

 Joey

--
Everybody talks about it, but nobody does anything about it! -- Mark Twain

Please always Cc to me when replying to me on the lists.