On Wed, 2014-04-30 at 18:14:29 +0200, Javier Serrano Polo wrote: > Package: dpkg > Version: 1.15.8.13 1.16.12 > Tags: security
> Directory traversal was already possible. I have suggested a solution. > That is the way I fixed it: dry run, let the patch tool say what files > will be touched. Another solution would be to stop using an external > tool. Ok, now I'm confused, do you mean there's another security problem? And that you've got a patch fixing it, or just that you would fix it that way? > I will wait two days before releasing one of the exploit packages. Didn't you do that before filing this bug report in: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306#61> ? Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
