[Debian-med-packaging] Bug#496366: Bug#496366: The possibility of attack with the help of symlinks in some Debian packages
Charles Plessy
plessy at debian.org
Mon Aug 25 03:56:44 UTC 2008
tag 496366 help
thanks
Le Sun, Aug 24, 2008 at 10:05:28PM +0400, Dmitry E. Oboukhov a écrit :
> Package: mafft
> Severity: grave
>
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.
Hi all,
I have not followed the discussions on -devel closely. What is the
relevance of this bug for the releasability of the package? Upstream is
already at a much higher version number and I am not able to solve the
prolem by myself.
Since the vulnerabiilty can only be exploited by other local users, and
since mafft is a scientific software either used on personnal computers
or on scientific workstations in trusted environments, can I ignore the
bug for Lenny and work with Upsteam on a fix in the latest release?
Have a nice day,
--
Charles Plessy
Debian Med packaging team,
Tsurumi, Kanagawa, Japan
More information about the Debian-med-packaging
mailing list