* Nicolas François: > Release Managers, Security Team: > Do you want 505071 to be fixed also for Lenny?
Do you mean "etch" instead of "lenny"? We'd probably release a DSA once there's a patch which has some track record, but as far as I can tell, the issue has not been fully analyzed yet. You guard against a symlink attack, but you don't seem to ensure that the TTY name retrieved from the utmp file is correct in the first place. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
