Hi,

2010/8/27 Moritz Muehlenhoff <j...@inutil.org>:
> On Thu, Aug 26, 2010 at 08:21:42AM +0900, Nobuhiro Iwamatsu wrote:
>> tags 594414 lenny
>> thanks
>>
>> Hi,
>>
>> Thanks for your report.
>>
>> On Wed, Aug 25, 2010 at 09:58:56PM +0200, Moritz Muehlenhoff wrote:
>> > Package: slim
>> > Severity: grave
>> > Tags: security
>> >
>> > The following was reported to oss-security:
>> >
>> > --
>> >
>> > SLiM versions prior to 1.3.1 assigned logged on users a predefined PATH
>> > which included './'. This allowed unintentional code execution (e.g.
>> > planted binary) and has been fixed by the developers in version 1.3.2.
>> >
>> > Fix:
>> > http://svn.berlios.de/wsvn/slim?op=comp&compare[]=/@170&compare[]=/@171
>>
>> slim has this problem only in lenny.
>> I'll fix it soon.
>
> The impact seems rather low, I don't think we need a DSA for this?

OK. May I take this as the official answer of the security team?
# Because you are a member of the security team.
Or should I ask them (debian-security-priv...@lists.debian.org) for their judgment once?

>
> Could you fix this through a stable point update, please?
> http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

Sure. I am going to do this.

Best regards,
  Nobuhiro

--
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6
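
An added example, not part of the original message or of SLiM's code: a POSIX shell check that reports the kind of PATH entry described in the report ('./', '.', any other relative directory, or an empty component, which POSIX treats as the current directory) and prints a cleaned value. The function names `unsafe_path_entries` and `safe_path` and the sample PATH string are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PATH-style string for components that resolve
# relative to the current working directory.

# unsafe_path_entries PATHSTRING
# Prints one line per unsafe component; returns 1 if any were found.
unsafe_path_entries() {
    up_rest="$1:"          # trailing ':' so the last component is terminated
    up_found=0
    while [ -n "$up_rest" ]; do
        up_entry=${up_rest%%:*}    # text before the first ':'
        up_rest=${up_rest#*:}      # text after the first ':'
        case $up_entry in
            '') printf '%s\n' "empty entry (current directory)"; up_found=1 ;;
            /*) ;;                 # absolute directory: not flagged
            *)  printf '%s\n' "relative entry: $up_entry"; up_found=1 ;;
        esac
    done
    return $up_found
}

# safe_path PATHSTRING
# Prints PATHSTRING with every non-absolute component dropped.
safe_path() {
    sp_rest="$1:"
    sp_out=
    while [ -n "$sp_rest" ]; do
        sp_entry=${sp_rest%%:*}
        sp_rest=${sp_rest#*:}
        case $sp_entry in
            /*) sp_out=${sp_out:+$sp_out:}$sp_entry ;;
        esac
    done
    printf '%s\n' "$sp_out"
}

# Constructed sample value with a leading './' entry.
sample='./:/bin:/usr/bin:/usr/local/bin'
unsafe_path_entries "$sample" || printf 'cleaned: %s\n' "$(safe_path "$sample")"
```

The check only inspects the string; it does not test whether the remaining absolute directories are writable by other users.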