Bug#405336: vdr ignores svdrphostsconf, listens instead to
0.0.0.0:2001
Thomas Schmidt
tschmidt at debian.org
Tue Jan 2 20:10:06 CET 2007
severity 405336 wishlist
tag 405336 - security
retitle 405336 Please do not bind to the wildcard-address
* Stephen Gran schrieb am 02.01.07, um 19:31 Uhr:
> > Maybe the client address is checked, after vdr has accepted the connection.
> > (I haven't looked into this.)
>
> This is indeed the logic:
>
> ...
>
> I'm not the maintainer, but I suggest downgrading the severity and
> removing the security tag from this report as a first step. If it was
> my package, I might suggest closing it (or perhaps redoing it as a
> wishlist bug to only bind to some interface or IP address, rather than
> all).
Thank you very much for taking a look at the source, i agree that it
would be the best to downgrade the bug to wishlist.
Regards,
Thomas
--
Thomas Schmidt, Debian VDR Team
http://pkg-vdr-dvb.alioth.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-vdr-dvb-devel/attachments/20070102/aeddffb6/attachment-0001.pgp
More information about the pkg-vdr-dvb-devel
mailing list