Hi Ludovic, * Ludovic Rousseau <[EMAIL PROTECTED]> [2008-11-01 15:55]: > On Sat, Nov 1, 2008 at 1:36 PM, Nico Golde <[EMAIL PROTECTED]> wrote: > > Hi Bruno, > > * Bruno De Fraine <[EMAIL PROTECTED]> [2008-10-29 18:43]: > > [...] > >> Nico, do you think this would be sufficient to rule out the vulnerability? > > > > I didn't get this message because you didn't CC me. > > I just had a look at the applied patch and I think this is > > sufficient. > > You didn't fix CVE-2008-4640 in this version, did you? > > Exact. CVE-2008-4640 is still present. I don't think it is an > important problem.
Please reopen this bug then or clone it and reopen the clone. > If I understand correctly it will just delete > files with names derived from existing files. I cannot be used to > delete arbitrary files. Why is this unlink needed anyway? Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpPf1uiam3y0.pgp
Description: PGP signature
