Control: tags -1 + moreinfo
On Wed, 2015-03-18 at 11:50 +0100, Markus Wanner wrote:
> please unblock the package flightgear-3.0.0-5 as recently uploaded to
> unstable. It fixes a security issue by disallowing nasal scripts to
> access or modify files, see #780712. I kept the packaging changes as
> minimal as possible. A debdiff and the patch are attached for review.
Well, not really. A debdiff from which you'd filtered the patch was
attached, as was the patch. I'm not convinced that actually provided any
benefit over simply providing the unfiltered debdiff.
++ write_allowed_paths.push_back("/tmp/*.xml");
Is that really intended? (Both the hardcoding of /tmp/ rather than using
something respecting TMPDIR and being allowed to write any ".xml"
there.)
Regards,
Adam
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
