Hi Moritz,

* Moritz Muehlenhoff <[EMAIL PROTECTED]> [2007-12-04 22:30]:
> severity 454167 important
> thanks
>
> Nico Golde wrote:
> > Package: sing
> > Version: 1.1-15
> > Severity: critical
> > Tags: security
> >
> > Please have a look at:
> > http://www.securityfocus.com/archive/1/484472
>
> The assertion by the security researcher above is incorrect, both
> the packages in Sarge and Etch have a debconf question, which warns
> prominently about the dangers of a setuid sing binary and which
> defaults to no.

Yes I saw this when I tested this bug, however I disagree here because
the dialog just says: "allows non-root users to send spoofed ICMP
messages from your machine.". This does not say anything that every
user could get root access with this.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.