On Sat, Dec 11, 2010 at 03:14:17AM +0100, Florian Zumbiehl wrote: > > Well, yeah, there is also a vulnerability due to this maintainer > script itself--though I mostly intended to point out the vulnerability > in logrotate which could be fixed in such a way that logrotate > itself could create new log files without compromising security > (which is the case in testing, though with the avoidable regression > mentioned). >
aolserver per se does not run as root, ideed this is an oversight in the postinst script. -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
