severity 652914 normal
retitle 652914 should document how to not run xmms2d insecurely
thanks
> - in the default configuration, xmms2d is secured using UNIX domain
> sockets, this is reasonably secure
>
> - however, users may be tempted to enable TCP mode, which has no
> security at all
The exis
On Thu, Dec 22, 2011 at 7:01 AM, Daniel Pocock wrote:
> However, it is not so obvious that the socket allows people to browse
> the server filesystems - even some more advanced users may find that
> surprising
I agree, if it wasn't for the fact that this is exactly how it works
if you use XMMS2 o
On 21/12/11 23:43, Daniel Svensson wrote:
> On Wed, Dec 21, 2011 at 11:18 PM, Daniel Svensson wrote:
>> On Wed, Dec 21, 2011 at 8:55 PM, Daniel Pocock wrote:
>>> Package: xmms2-core
>>> Version: 0.7DrNo+dfsg-2
>>> Severity: grave
>>>
>>> I've chosen the severity `grave' as it is suggested for i
On Wed, Dec 21, 2011 at 11:18 PM, Daniel Svensson wrote:
> On Wed, Dec 21, 2011 at 8:55 PM, Daniel Pocock wrote:
>> Package: xmms2-core
>> Version: 0.7DrNo+dfsg-2
>> Severity: grave
>>
>> I've chosen the severity `grave' as it is suggested for issues that
>> could "introduce a security hole allow
On Wed, Dec 21, 2011 at 8:55 PM, Daniel Pocock wrote:
> Package: xmms2-core
> Version: 0.7DrNo+dfsg-2
> Severity: grave
>
> I've chosen the severity `grave' as it is suggested for issues that
> could "introduce a security hole allowing access to the accounts of
> users who use the package"
> http:
Package: xmms2-core
Version: 0.7DrNo+dfsg-2
Severity: grave
I've chosen the severity `grave' as it is suggested for issues that
could "introduce a security hole allowing access to the accounts of
users who use the package"
http://www.debian.org/Bugs/Developer#severities
Details:
- in the default
6 matches
Mail list logo
