Joey Hess <[EMAIL PROTECTED]> wrote:

>  - No rationale was given for sweeping the sql injection vulnerability
>    under the rug as a minor hole.

This bug is unlikely to be exploitable because you have to get
authorized successfully by correctly escaped SQL requests before
running any of the unescaped requests.

>  - Even single character buffer overruns have been successfully
>    exploited before.

A remote attacker doesn't know what SQL query the administrator wrote
in the config file. He can't figure out easily which character is the
4096th in the string. Moreover the rest of the string has been encoded
and there are only safe characters. On top of that, the buffer overflow
allows writing only two characters beyond the limit: one in [0-9A-F]
and a '\0'.

>  - If you want to get the fix into sarge, which you apparently do, then
>    your use of the "minor" severity would tend to undermine that.

If you think you are the person who knows more about the issue, then
choose the severity as you like.

People are making a lot of publicity about this issue which is
unimportant indeed. To my mind, fixing this in sarge is only useful
to relieve Debian users who read the exaggerated security announcements.

-- 
Nicolas Baradakis
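
The two-byte overrun described in the message above, as an added example that is not part of the original e-mail and is not the affected software's code. The function names, the `=XX` encoding, the safe-character set and the 8-byte limit are assumptions made for illustration; the flawed guard reserves one byte while an escaped character needs three, and the hardened version checks the space actually required.

```c
#include <stdio.h>
#include <string.h>

static const char HEX[] = "0123456789ABCDEF";
static unsigned char arena[64];   /* larger than any limit used, so the demo is well defined */

static int is_safe(unsigned char c) {   /* assumed safe set: ASCII letters and digits */
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
}

/* Flawed (hypothetical): the guard reserves one byte, but an escaped character needs three. */
static void escape_flawed(char *out, int limit, const char *in) {
    int left = limit;
    while (*in && left > 1) {
        unsigned char c = (unsigned char)*in++;
        if (is_safe(c)) { *out++ = (char)c; left--; continue; }
        *out++ = '='; *out++ = HEX[c >> 4]; *out++ = HEX[c & 15];
        left -= 3;                /* may go negative: the third byte landed past the limit */
    }
    *out = '\0';                  /* the terminator can land one byte further still */
}

/* Hardened: check the space this character needs, plus room for the terminator. */
static void escape_checked(char *out, int limit, const char *in) {
    int left = limit;
    while (*in) {
        unsigned char c = (unsigned char)*in;
        int need = is_safe(c) ? 1 : 3;
        if (left < need + 1) break;          /* truncate instead of overrunning */
        if (need == 1) *out++ = (char)c;
        else { *out++ = '='; *out++ = HEX[c >> 4]; *out++ = HEX[c & 15]; }
        left -= need; in++;
    }
    if (limit > 0) *out = '\0';
}

/* Returns how many bytes beyond `limit` the escaper touched (0xAA is the canary). */
static int bytes_past_limit(void (*fn)(char *, int, const char *), int limit, const char *in) {
    int end = (int)sizeof arena;
    memset(arena, 0xAA, sizeof arena);
    fn((char *)arena, limit, in);
    while (end > limit && arena[end - 1] == 0xAA) end--;
    return end - limit;
}

int main(void) {
    int bad = bytes_past_limit(escape_flawed, 8, "abcdef'");   /* constructed input */
    printf("flawed: %d, checked: %d\n", bad, bytes_past_limit(escape_checked, 8, "abcdef'"));
    return 0;
}
```

With the constructed input, the flawed routine leaves a hex digit and a terminating NUL past the limit, while the checked routine truncates the output at the last character that fits.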

