This one time, at band camp, Michael Tautschnig said:
> > OMG, I forgot about the missing { } -- I guess we should ask the security
> > team
> > to wait for another upload fixing this? I can do it, but would like to get
> > your
> > ok.
> >
>
> Well, that is a bug indeed, but the cli_filecopy function (which contains that
> code) is never actually called!? So, should we fix it or not?Hmm, how odd. It appears you're right. I'd say it's probably better to make the first patch correct, but it seems a lot less important if it's in an unreachable code path. I'll leave it up to you guys and the security team whether or not it's worth fixing. The technical part is trivial - it's both an obvious bug and an easy fix, but I don't want to force the security team to review more than we already ask them to. Cheers, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
_______________________________________________ Pkg-clamav-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
