On Sat, Jan 15, 2000 at 04:25:35PM +0100, Thierry Laronde wrote:
> Package: cgi-scripts
> Severity: critical
>
> This orphaned package is, at the moment, inconsistent, lacking documentation,
> giving scripts that are now almost useless, and placing in /cgi-bin/ Bourne
> Shell scripts invoking directly commands like 'finger', which introduces
> security holes.

Did you find security holes? If not, how can you be sure that there are some?
If I remember well, some have already been discovered and most of the
shell escape problems have been fixed.

I think this bug shouldn't be marked as grave until a real problem is given.

Anyway I wouldn't mind if we remove this package from Debian. What do
people think?

Cheers,
--
Raphaël Hertzog -=- http://tux.u-strasbg.fr/~raphael/
<pub> CDs Debian : http://tux.u-strasbg.fr/~raphael/debian/#cd </pub>