On Thu, Aug 26, 2010 at 08:21:42AM +0900, Nobuhiro Iwamatsu wrote:
> tags 594414 lenny 
> thanks
> 
> Hi,
> 
> Thanks for your report.
> 
> On Wed, Aug 25, 2010 at 09:58:56PM +0200, Moritz Muehlenhoff wrote:
> > Package: slim
> > Severity: grave
> > Tags: security
> > 
> > The following was reported to oss-security:
> > 
> > --
> > 
> > SLiM versions prior to 1.3.1 assigned logged on users a predefined PATH
> > which included './'. This allowed unintentional code execution (e.g.
> > planted binary) and has been fixed by the developers in version 1.3.2.
> > 
> > Fix:
> > http://svn.berlios.de/wsvn/slim?op=comp&compare[]=/@170&compare[]=/@171
> 
> slim has this problem only in lenny.
> I'll fix it soon.

The impact seems rather low, I don't think we need a DSA for this?

Could you fix this through a stable point update, please?
http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

Cheers,
        Moritz
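
Added example, not part of the original messages and not SLiM or Debian code: a POSIX sh check for the condition described in the report, a PATH containing './' or any other component that resolves relative to the current directory. The function names and the sample PATH value are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report PATH components that resolve relative to the
# current working directory. Function names are hypothetical.

# Print one line per unsafe component of the PATH string given as $1.
# POSIX treats a zero-length component (leading, trailing or doubled ':')
# as the current directory, so those are reported as <empty>.
unsafe_path_entries() {
    rest=$1
    while :; do
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:}; more=1 ;;
            *)   entry=$rest; more=0 ;;
        esac
        case $entry in
            '')  echo '<empty>' ;;
            /*)  ;;                  # absolute directory: nothing to report
            *)   echo "$entry" ;;    # '.', './', 'bin', '../x', ...
        esac
        [ "$more" -eq 1 ] || break
    done
}

# Return 0 when the PATH string has no relative or empty components.
path_is_safe() {
    [ -z "$(unsafe_path_entries "$1")" ]
}

# Constructed sample: a login PATH that includes './', as in the report.
sample='./:/bin:/usr/bin:/usr/local/bin'
if ! path_is_safe "$sample"; then
    echo "unsafe PATH components in sample:"
    unsafe_path_entries "$sample"
fi
```

Run against "$PATH" inside a freshly started session, it shows whether the display manager handed the user a PATH with such components.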


