❦ 3 September 2013 08:51 CEST, Salvatore Bonaccorso <car...@debian.org>:

>> > Please adjust the affected versions in the BTS as needed. At least
>> > 0.9.2 looks affected.
>>
>> Hi Salvatore!
>>
>> Previous versions are likely to be affected too. I will try to backport
>> the patches. For version in Jessie and unstable, I will just upload
>> 0.9.3.
>
> Thanks for your quick reply! From what I see about the vulnerability,
> I would say this does not warrant a DSA, as the exploitability seems
> to be limited to a user-assisted remote attacker.

The exploit can be triggered by a user using a message as a template for
a new message. This seems far-fetched, so I agree.

> Do you agree on that conclusion? If yes I will mark this in the
> security-tracker appropriately. Could you address in that case the
> updates through a proposed-update instead?

OK.
-- 
Identify bad input; recover if possible.
            - The Elements of Programming Style (Kernighan & Plauger)