On 10/25/06, David Weinehall <[EMAIL PROTECTED]> wrote:
[snip]
You know, IMO (not official Nokia policy) this isn't exactly a high risk security issue. To exploit, you need to install a package from an external, non-trusted source. Once you start installing non-trusted 3rd party applications, you're dead anyway.
That's not what Marius said:
The overflow happens when there is a repository in /etc/apt/sources.list that contains such a icon in one of its packages, or when you have installed a .deb file with such an icon.
As such, it only requires someone to add a repository containing MyEvilPackage (and then presumably look at the AM in such a way as to display that package's icon).
That said: we're a Debian based distribution, hence we follow the Debian release policy. We release when it's ready.
As I said in reply to Ian, at the moment it's not even clear that another release *is* planned: as far as we know, the next release could be planned for 2008 on the Nokia 880, with a cutdown version available for 770 die-hards for the bargain basement price of 999EUR. Some clarity would, therefore, be very much appreciated. Cheers, Andrew -- Andrew Flegg -- mailto:[EMAIL PROTECTED] | http://www.bleb.org/ _______________________________________________ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers