-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 tags 510585 pending thanks
On Wed, Jan 07, 2009 at 08:11:41PM +0100, Nico Golde wrote: >Upstream fix: >http://netatalk.cvs.sourceforge.net/viewvc/netatalk/netatalk/etc/papd/lp.c?r1=1.16&r2=1.17&view=patch > >I can confirm that an attacker can execute arbitrary code >without this fix. The output of the pixelate function is >just put into popen without any sanitization. Thanks for isloating and testing the minimal patch. I am almost ready to release a new packaging release based on the upstream prerelease, and will prepare security releases for Etch and Lenny based on above minimal patch. - Jonas - -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkllQcEACgkQn7DbMsAkQLhkdgCfRfQcCVus4vjmxxcIKoT5cXDK 8VsAn2bGCGkJASDTWX8AiR/Y5knJz+v7 =RMx/ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
