On Tue, Jan 31, 2012 at 10:22:20AM +0100, Marc Dequènes (Duck) wrote: > Coin, > > Quoting Jonathan Nieder <[email protected]>: > >> Format string includes filename, which I believe can be arbitrary. >> Looks like a low-severity security bug. (Attacker tricks victim >> into opening sound file with funny name. Then...) > > Yes, that's true for any package needing a format-security patch. > > I'll prepare a package for stable, but i'm gonna solve the problem in > unstable by a removal, as nobody has stepped to handle maintainership > since i asked for help on #622013 and alerted the GNU application > maintainer.
The impact is very low, please fix this through a point update: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable Cheers, Moritz -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

