Hello, Atm I think over disabling the smbfs extension for mc since this lib is over 10 years old. And I think there will be maybe several big security issues within this lib (which are of course fixed in the newer ones but not in that old one). I doesn't check that, but according to Noel Köthe, who is one of the samba maints within debian, there should be several around.
So a temp. fix would be to disable the smbfs extension in mc. The correct fix would be to link dynamically against the libsmbclient lib. If someone has a patch to fix this, I would be _very_ glad, since I think this feature is often used in mc. @Nico: I cc'ed you as member of testing security: I guess this would also affect mc in oldstable, stable and testing. What do you think? @Pavel: You told me that you worked on this patch (link dynamically) several weeks ago, is there any progress? Such a fix would be really important for the users! :) Greetings Winnie ps: My whish is that there is a patch around very fast. Pavel, if you started to work on this and have something incomplete somewhere please reply and point me to this! -- .''`. Patrick Winnertz <[EMAIL PROTECTED]> : :' : GNU/Linux Debian Developer `. `'` http://www.der-winnie.de http://people.skolelinux.org/~winnie `- Debian - when you have better things to do than fixing systems
signature.asc
Description: This is a digitally signed message part.
