Comment 4 for bug 23555
Revision history for this message
|
|
#4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Ulf Harnhammar wrote:
> No, you don't need to set up a rogue CDDB server, as CDDB servers let anyone add or modify information about records.
But according to the freedb.org FAQs every submission is reviewed before being
applied to the database. So it seems quite unlikely submissions of crafted entries
to exploit this vulnerability would pass this stage.
Cheers,
Moritz