Package: cheetah
Severity: grave
Tags: security
Cheetah loads arbitrary module code from /tmp, see
http://sourceforge.net/mailarchive/forum.php?thread_id=7070332&forum_id=1542
for a detailed discussion. It's fixed in CVS and 0.9.17rc1,
but since Sarge is in freeze an upload with only the security
fix would surely be appreciated by the release managers.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
