On Mon, Jan 17, 2011 at 12:27:15AM +0100, Julien Cristau wrote:
> user release.debian....@packages.debian.org
> usertag 608981 squeeze-can-defer
> tag 608981 squeeze-ignore
> kthxbye
>
> On Fri, Jan 14, 2011 at 23:35:48 +0100, Moritz Mühlenhoff wrote:
>
> > reassign 608981 libggi2
> > thanks
> >
> > On Wed, Jan 05, 2011 at 04:16:36PM +1100, Silvio Cesare wrote:
> > > Package: zhcon
> > > Version: 1:0.2.6-5.2
> > > Severity: important
> > > Tags: security
> > >
> > > zhcon crashes when a long GGI_DISPLAY environment variable is used with
> > > ggi. Probably indicative of a buffer overflow. zhcon is SUID root, so
> > > this crash might potentially lead to privilege escalation. I haven't
> > > investigated further, so it is possible that this is a non-exploitable
> > > crash.
> >
> > That's a bug in libggi, not zhcon. Reassigning.
> >
> Can be fixed through security post release, so tagging as not a blocker.
> If anyone wants this fixed before the release, they need to upload
> *now*.

A note to Wheezy bug hunters; I'm proceeding with the removal of libggi for Wheezy.

Cheers,
Moritz