Greetings, Am Sonntag, 18. April 2004 20:58 schrieb Matt Zimmerman: > On Sun, Apr 18, 2004 at 08:47:16PM +0200, Jan L?hr wrote: > > Am Sonntag, 18. April 2004 18:56 schrieb Matt Zimmerman: > > > On Sat, Apr 17, 2004 at 10:16:11PM +0200, Jan L??hr wrote: > > > > what about > > > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 ? Is > > > > debian finally going to fix it? > > > > > > Current consensus between the security team and the Apache maintainers > > > is that it is not necessary to fix this in woody. > > > > Ehm... why ? ;) > > The same issue applies to any file which contains data supplied by an > untrusted source. This is a fundamental Unix feature (or flaw). Terminal > control sequences may be contained in the data.
Ok, seems reasonable. > > What about sarge or sid? > > If this were important to you, I expect you would have read the changelog > already, and discovered that it has been fixed in sarge and sid for over a > month. Sorry, my source-tree was a little bit outdated - just asking, 'cause it was in issue on debian-user-german. Keep smiling, thanks yanosz -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject "unsubscribe". Probleme? Mail an [EMAIL PROTECTED] (engl)