-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
tag 330627 +pending
severity 330627 critical
thanks
I believe the correct severity level is critical, not grave, as security
bugs are supposed to be rated according to:
* affects a user that installs a package: critical
* affects a user that has executed a binary, allowing
compromising userdata, taking over account, etc.: grave
* affects build-process, or generally annoying: important
In any case, a new package is on its way now; the package is currently
only in unstable.
micah
Michael Stone wrote:
> On Thu, Sep 29, 2005 at 02:00:12AM +0200, Thomas Prokosch wrote:
>
>> $RKHUNTER --cronjob --report-warnings-only > /tmp/$$
>>
>> If I am not mistaken this command poses a security risk for
>> the system because it allows a symlink attack.
>
>
> Definitely, it should be fixed ASAP.
> It doesn't look like it's in stable though, so no DSA will be needed.
>
> Mike Stone
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDOzYA9n4qXRzy1ioRAhNmAJ0X6feD1K711AnlplWQk/mgFkPSqgCfeYan
CxFKGWcdS29ZcNb1AdvmEhU=
=jBKI
-----END PGP SIGNATURE-----
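
The symlink risk described in the quoted report, as an added example that is not part of the original thread and is not rkhunter's or Debian's actual fix: the reported redirect beside an mktemp-based form, both run inside a constructed throwaway directory. The function names, the rkhunter.XXXXXXXXXX template, the name 4242 and the echo stand-in for $RKHUNTER are assumptions.

```sh
#!/bin/sh
# Added example; not rkhunter's or Debian's actual fix.
# Reported pattern:  $RKHUNTER --cronjob --report-warnings-only > /tmp/$$
# $$ is the PID, so the path is guessable, and ">" follows a symlink that
# already exists there: the cron job then truncates the link's target.

# Reported form, parameterised (dir, name) so it can run in a sandbox.
write_predictable() {
    wp_dir=$1; wp_name=$2; shift 2
    "$@" > "$wp_dir/$wp_name"
}

# Hardened form: mktemp picks an unpredictable name and creates the file
# exclusively (mode 0600); it fails instead of reusing an existing path.
# Prints the report path on success.
write_private() {
    wv_dir=$1; shift
    wv_out=$(mktemp "$wv_dir/rkhunter.XXXXXXXXXX") || return 1
    "$@" > "$wv_out" || { rm -f "$wv_out"; return 1; }
    printf '%s\n' "$wv_out"
}

# Constructed scenario in a throwaway directory: a symlink named like a
# guessed PID (4242) points at a file the job's user can write.
# Prints "<victim after hardened run>|<victim after reported form>".
compare_forms() {
    cf_box=$(mktemp -d) || return 1
    printf 'keep me\n' > "$cf_box/victim"
    ln -s "$cf_box/victim" "$cf_box/4242"
    write_private "$cf_box" echo 'Warning: sample finding' > /dev/null
    cf_safe=$(cat "$cf_box/victim")
    write_predictable "$cf_box" 4242 echo 'Warning: sample finding'
    cf_vuln=$(cat "$cf_box/victim")
    rm -rf "$cf_box"
    printf '%s|%s\n' "$cf_safe" "$cf_vuln"
}

compare_forms
```

In a real cron script the report file would also be removed on exit, for example with a trap on EXIT.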