On Fri, Aug 08, 2008 at 08:06:28PM +1000, Aníbal Monsalve Salazar wrote: > The bzip2 version in testing has a bug in bzdiff. The $tmp variable is > not double quoted. It may be possible to craft a TMPDIR environment > variable to inject a commad like "rm\ /*" when line #62, "/bin/rm -f > $tmp;;" is executed, but I haven't tested it yet. At least, it doesn't > work if TMPDIR has spaces in it. > > Please unblock bzip2/1.0.5-1
Unblocked. Kind regards, Philipp Kern
signature.asc
Description: Digital signature
