On Sat, Nov 1, 2008 at 1:36 PM, Nico Golde <[EMAIL PROTECTED]> wrote:
> Hi Bruno,
> * Bruno De Fraine <[EMAIL PROTECTED]> [2008-10-29 18:43]:
> [...]
>> Nico, do you think this would be sufficient to rule out the vulnerability?
>
> I didn't get this message because you didn't CC me.
> I just had a look at the applied patch and I think this is
> sufficient.
> You didn't fix CVE-2008-4640 in this version, did you?

Exact. CVE-2008-4640 is still present. I don't think it is an important problem. If I understand correctly it will just delete files with names derived from existing files. It cannot be used to delete arbitrary files.

But if someone has a fix for CVE-2008-4640 I will apply it and upload a new version.

Bye

--
Dr. Ludovic Rousseau