On Wed, Feb 28, 2007 at 07:45:28PM -0800, Russ Allbery wrote: > I certainly agree that it would be good to fix the bug, but I also can see > why the severity was downgraded.
I think Russ explained pretty nicely why this escalation is pretty rare from being a true vulnerability, although there indeed is an attack window if you do -F, forget about it, forget about the terminal (until cron.daily where apache gets restarted by logrotate). Anyway, from talking to Fabbione, NMU's are always welcome if someone wants to properly test the patch such that it does what it claims it does -- the idea behind the patch is ok in any case. --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
