On Sun, Apr 18, 2004 at 08:47:16PM +0200, Jan L?hr wrote: > Am Sonntag, 18. April 2004 18:56 schrieb Matt Zimmerman: > > On Sat, Apr 17, 2004 at 10:16:11PM +0200, Jan L??hr wrote: > > > what about > > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 ? Is > > > debian finally going to fix it? > > > > Current consensus between the security team and the Apache maintainers is > > that it is not necessary to fix this in woody. > > Ehm... why ? ;)
The same issue applies to any file which contains data supplied by an untrusted source. This is a fundamental Unix feature (or flaw). Terminal control sequences may be contained in the data. > What about sarge or sid? If this were important to you, I expect you would have read the changelog already, and discovered that it has been fixed in sarge and sid for over a month. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
