Hi Santiago, * Santiago Garcia Mantinan <[EMAIL PROTECTED]> [2008-04-21 00:56]: > > CVE-2008-1834[0]: > > | swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict > > | local file access from untrusted sandboxes, which allows remote > > | attackers to read arbitrary files via a crafted Flash file. > > Version 0.5 was a development version, we have 0.6.4 on the archives and I'm > waiting for it to enter testing, which should happen in a few days. > > I'm wondering if we can request the removal of swfdec0.5 along with its > dependencies (swfdec-mozilla and swfdec-gnome old versions) so that the new > ones can enter testing, we've been waiting for arm for more than a month > now, and I don't think this will change in the near future, and that is > stopping the stable versions from replacing the old development ones :-(
Sounds good, I also wondered about the two versions. Go ahead and file a removal bug if you think that is appropriate. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpqRfvKtWfBK.pgp
Description: PGP signature
