hiya,

On Wednesday 09 April 2008 01:11:26 am Matt Brown wrote:
> On Tue, Apr 8, 2008 at 10:53 PM, Niko Tyni <[EMAIL PROTECTED]> wrote:
> > phpwiki
>
> phpwiki is not affected by this as the package installs the database
> with permissions 664 root:www-data

however, i suspect that the data used by bacula's packages is sufficiently sensitive to warrant action. we could do any of the following:

- issue a security upload with the diff from the NMU
- issue an update via etch-proposed-updates
- ensure the affected packages in unstable depend on dbc >= this nmu and that they migrate successfully to lenny

and it seems of these the security upload is both the simplest solution as well as most sensible one.

i don't know that a CVE is really necessary though, since this is a very minor issue that does not currently affect anyone (if you don't count partial upgrades to stuff from backports), and only has the *potential* to do so if it's not resolved before lenny is released. then again, i've seen CVE's assigned for even less worthy things that ended up as non-issues (i.e. half of the php-related CVE's in the past year), so i'll defer to the security folks on that.

sean