Hi Ludovic,

* Ludovic Rousseau <[EMAIL PROTECTED]> [2008-10-27 15:14]:
> From upstream author.
>
> ---------- Forwarded message ----------
> From: Matthias Wandel
> Date: Mon, Oct 27, 2008 at 1:06 PM
> Subject: Re: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command
> injection via filename and insecure file handling
> To: Ludovic Rousseau <[EMAIL PROTECTED]>
>
>
> So what is the security vulnerability?
>
> You can use it to delete files, but why not just use "rm"?
>
> Unless of course you run it as setuid root, but why would you go out
> of your way to do that?

Why does upstream have problems understanding an issue which he
acknowledged before?
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020/comments/6

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.