On Wed, 2012-12-12 at 17:26 -0500, Michael Gilbert wrote:
> On Wed, Dec 12, 2012 at 12:52 PM, adrelanos wrote:
> > What is Debian policy on code execution from user websites?
>
> Unfortunately there is none. I've tried to gain consensus that at a
> minimum things downloaders like this need to sta
On Thu, 13 Dec 2012, Moritz Mühlenhoff wrote:
> Plus, installing Flash opens the Pandora's box anyway
When a user runs a web browser that calls the Flash plugin then that user
session is exposed to the risk of a compromised Adobe web site etc. When the
user visits a potentially hostile web sit
On Wed, Dec 12, 2012 at 12:52 PM, adrelanos wrote:
> What is Debian policy on code execution from user websites?
Unfortunately there is none. I've tried to gain consensus that at a
minimum things downloaders like this need to stay out of main, but
that thought hasn't really gained traction.
The
On Wed, Dec 12, 2012 at 05:52:31PM +, adrelanos wrote:
> Since get-upstream-version.pl runs as root it can do anything.
>
> I don't accuse him personally of anything. But should he ever be
> compromised (forced, evil maid, etc...) it's very easy to mount a
> stealth attack.
I would worry mor
Hai,
On Wed, Dec 12, 2012 at 12:33 PM, Bart Martens wrote:
> I already use "mktemp -d /tmp/flashplugin-nonfree.XX". Isn't that
> secure ? What is the problem you are suggesting to file a bug for ?
Please tell me you are trolling?
Hello Moritz,
On Wed, Dec 12, 2012 at 07:02:08PM +0100, Moritz Mühlenhoff wrote:
> On Wed, Dec 12, 2012 at 05:52:31PM +, adrelanos wrote:
> > I do not want to discuss security implications of the upstream closed
> > source Adobe Flash plugin. This is about how the Flash plugin is
> > downloade
Moritz Mühlenhoff:
> On Wed, Dec 12, 2012 at 05:52:31PM +, adrelanos wrote:
>> Hi,
>>
>> I do not want to discuss security implications of the upstream closed
>> source Adobe Flash plugin. This is about how the Flash plugin is
>> downloaded and installed in Debian.
>>
>> /usr/sbin/update-flashp
On Wed, Dec 12, 2012 at 05:52:31PM +, adrelanos wrote:
> Hi,
>
> I do not want to discuss security implications of the upstream closed
> source Adobe Flash plugin. This is about how the Flash plugin is
> downloaded and installed in Debian.
>
> /usr/sbin/update-flashplugin-nonfree downloads get
Hi,
I do not want to discuss security implications of the upstream closed
source Adobe Flash plugin. This is about how the Flash plugin is
downloaded and installed in Debian.
/usr/sbin/update-flashplugin-nonfree downloads get-upstream-version.pl
http://people.debian.org/~bartm/flashplugin-nonfree
Quoting Louise Bonadio:
Please remove g...@vanguardsa.ch from your list.
Please do it for yourself. Have a look at the footer, to find out how
to achieve this.
Cheers,
Georg
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Co
Please remove g...@vanguardsa.ch from your list.
He no longer works for our company and his email inbox is read only for
emergencies.
Regards,
Louise Bonadio
-
Louise Bonadio
Chief Legal Officer
Vanguard SA
22, rue de l'Athénée
1206 Genève
TVA n° 724 090
Le 11.12.12 20:11, « Floria