Bug#594414: CVE-2010-2945: insecure PATH assignment

2010-08-27 Thread Moritz Muehlenhoff
On Fri, Aug 27, 2010 at 08:55:23AM +0900, Nobuhiro Iwamatsu wrote:
> Hi,
>
> > The impact seems rather low, I don't think we need a DSA for this?
>
> OK. May I think this to be the official answer of the security team?
> # Because you are member of security team.

Yes, that should be ok. I'll upd

Bug#594414: CVE-2010-2945: insecure PATH assignment

2010-08-26 Thread Nobuhiro Iwamatsu
Hi,

2010/8/27 Moritz Muehlenhoff:
> On Thu, Aug 26, 2010 at 08:21:42AM +0900, Nobuhiro Iwamatsu wrote:
>> tags 594414 lenny
>> thanks
>>
>> Hi,
>>
>> Thanks for your report.
>>
>> On Wed, Aug 25, 2010 at 09:58:56PM +0200, Moritz Muehlenhoff wrote:
>> > Package: slim
>> > Severity: grave
>> > Tags

Bug#594414: CVE-2010-2945: insecure PATH assignment

2010-08-26 Thread Moritz Muehlenhoff
On Thu, Aug 26, 2010 at 08:21:42AM +0900, Nobuhiro Iwamatsu wrote:
> tags 594414 lenny
> thanks
>
> Hi,
>
> Thanks for your report.
>
> On Wed, Aug 25, 2010 at 09:58:56PM +0200, Moritz Muehlenhoff wrote:
> > Package: slim
> > Severity: grave
> > Tags: security
> >
> > The following was reporte

Bug#594414: CVE-2010-2945: insecure PATH assignment

2010-08-25 Thread Nobuhiro Iwamatsu
On Thu, Aug 26, 2010 at 08:21:42AM +0900, Nobuhiro Iwamatsu wrote:
> tags 594414 lenny
> thanks
>
> Hi,
>
> Thanks for your report.
>
> On Wed, Aug 25, 2010 at 09:58:56PM +0200, Moritz Muehlenhoff wrote:
> > Package: slim
> > Severity: grave
> > Tags: security
> >
> > The following was reporte

Bug#594414: CVE-2010-2945: insecure PATH assignment

2010-08-25 Thread Nobuhiro Iwamatsu
tags 594414 lenny
thanks

Hi,

Thanks for your report.

On Wed, Aug 25, 2010 at 09:58:56PM +0200, Moritz Muehlenhoff wrote:
> Package: slim
> Severity: grave
> Tags: security
>
> The following was reported to oss-security:
>
> --
>
> SLiM versions prior to 1.3.1 assigned logged on users a prede

Bug#594414: CVE-2010-2945: insecure PATH assignment

2010-08-25 Thread Moritz Muehlenhoff
Package: slim
Severity: grave
Tags: security

The following was reported to oss-security:

--

SLiM versions prior to 1.3.1 assigned logged on users a predefined PATH which included './'. This allowed unintentional code execution (e.g. planted binary) and has been fixed by the developers in version