Hi,
* Christoph Anton Mitterer <christoph.anton.mitte...@physik.uni-muenchen.de> [2009-09-06 01:01]:
> I'm currently looking at Debian packages which download and install files from
> the internet (as their main content) whether they check the validity of these
> files.
>
> This package does not make any hashsum check (e.g. SHA512, which should
> probably be used) and fail installation if the hashes don't match.
> That's why I've marked this bug as security critical.

This is not entirely correct; actually the package checks md5 hashes (yes, I
know this is broken).

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.