On Sep 25, 2014 3:18 PM, "Matthias Urlichs" <matth...@urlichs.de> wrote: > > Hi, > > Samuel Thibault: > > Sounds crazy to me. > > > Definitely. This is now out in the wild; exploits which simply replace > echo or cat-without-/bin are going to happen. :-/ >
Actually, what I've seen reported in the wild have been wget and run an irc cnc script.a > Maybe we should add the patched version, with an appropriate NEWS entry, > to backports? > Maybe?