On Fri, 2012-06-15 at 12:07 +0200, Jan Lieskovsky wrote: > As noted, didn't file Red Hat Bugzilla bug yet, since I am not completely > sure this is a security issue (and first wanted to obtain feedback from > gpm developers / upstream). Yeah that's okay,... but I think it's good to record other things in the meantime at the debian bug, to have it at least somewhere =)
> > Note that this is of course not only a security hole between root/user-A > > but also between user-A/user-B situations. > Sure, just focused on root/unprivileged user scenario in my testing. Okay... just wanted to point out again, that it's critical for both scenarios. Upstream folks,... have you had already time to think about all this? I don't think that this issue is highly critical, but one should probably fix it, request a CVE and so on. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
