Hi Axel,

On Fri, Jul 26, 2013 at 03:42:13PM +0200, Axel Beckert wrote:
> Anyway, at least Debian's default config is based on that file and
> hence IMO not remotely vulnerable with its default configuration.

Agreed (also after checking the wheezy package).

Would still be good to patch (or updating to new upstream version when
possible) for the missing basename call, making hobbit also safe
against the remove deletion vulnerability in non-default setups (and
possibly trough a proposed-update for stable and oldstable).

Possibly also for stable and oldstable through a proposed-updates.

Regards,
Salvatore


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to