On Tue, Jan 31, 2012 at 10:22:20AM +0100, Marc Dequènes (Duck) wrote:
> Coin,
>
> Quoting Jonathan Nieder <jrnie...@gmail.com>:
>
>> Format string includes filename, which I believe can be arbitrary.
>> Looks like a low-severity security bug. (Attacker tricks victim
>> into opening sound file with funny name. Then...)
>
> Yes, that's true for any package needing a format-security patch.
>
> I'll prepare a package for stable, but I'm gonna solve the problem in
> unstable by a removal, as nobody has stepped to handle maintainership
> since I asked for help on #622013 and alerted the GNU application
> maintainer.

The impact is very low, please fix this through a point update:
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable

Cheers,
        Moritz