Marek Olejniczak wrote:
Just to be sure. You meant the sudo package?
Yes, sudo package is broken:
at least the sudo vulnerability can easily be fixed with a workaround
('correct' order of /etc/sudoers), is a local exploitability and then
only for users who already were sudoers. so it is not really that
critical. the spamassassin on the other hand seems way more severe since
it sounds as if one email would suffice to shutdown spamassassin and
subsequently possibly even the whole MTA.
,iso
--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
