On ons, 2006-10-25 at 16:30 +0100, ext Andrew Flegg wrote: > On 10/25/06, David Weinehall <[EMAIL PROTECTED]> wrote: > > > [snip] > > > > You know, IMO (not official Nokia policy) this isn't exactly a high risk > > security issue. To exploit, you need to install a package from an > > external, non-trusted source. Once you start installing non-trusted 3rd > > party applications, you're dead anyway. > > That's not what Marius said: > > > > The overflow happens when there is a repository in > > /etc/apt/sources.list that contains such a icon in one of its > > packages, or when you have installed a .deb file with such an icon. > > As such, it only requires someone to add a repository containing > MyEvilPackage (and then presumably look at the AM in such a way as to > display that package's icon).
Well, it still is a low-level risk, since you have to add an untrusted repository to your repository-list. Regards: David _______________________________________________ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers
