On Mon, Oct 15, 2012 at 3:01 PM, Michael Gilbert wrote: > control: retitle -1 CVE-2012-2248: build system paths used in -DCLIENT_PATH > > On Mon, Oct 15, 2012 at 5:31 AM, Michael Stapelberg wrote: >> All hooks in /etc/dhcp/dhclient-enter-hooks.d, such as "samba" when the >> samba package is installed, are called with a PATH environment variable >> containing this: > > Using the term "backdoor" is inappropriate and quite misleading as it > implies malicious activity. The issue is actually a build system > sanitization issue.
Also, to be fair, the same conclusions can be drawn on different architectures for paths like /build/buildd-isc-dhcp-*: https://buildd.debian.org/status/fetch.php?pkg=isc-dhcp&arch=i386&ver=4.2.4-2&stamp=1347600978 Best wishes, Mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
