Bug#806036: Privilege escalation and code execution vulnerabilities in generated NSIS installers

2015-12-15 Thread Didier 'OdyX' Raboud
Dear Security Team, Dear Debian-Boot,

Andre has reported this bug on Nov 24, and I've now uploaded the new NSIS version to unstable that fixes this bug. In Debian, there's at least one NSIS installer shipped in packages: win32-loader, that is shipped on our CDs and from the mirrors. Would it b

Bug#806036: Privilege escalation and code execution vulnerabilities in generated NSIS installers

2015-12-02 Thread Andre Heinecke
Hi,

On Tuesday 01 December 2015 19:44:36 you wrote:
> I would propose to wait for the review and the fix going in upstream.
> Thereafter the fix could be back ported to the NSIS version distributed
> by Debian.

I agree. NSIS upstream reacted quickly and while it is of no concern to us (at gpg4wi

Bug#806036: Privilege escalation and code execution vulnerabilities in generated NSIS installers

2015-12-01 Thread Thomas Gaugler
Thank you very much for your detailed bug report.

I would propose to wait for the review and the fix going in upstream. Thereafter the fix could be back ported to the NSIS version distributed by Debian.

Best regards,
Thomas

Bug#806036: Privilege escalation and code execution vulnerabilities in generated NSIS installers

2015-11-24 Thread Andre Heinecke
Package: nsis
Version: 2.46-10

Installers generated by NSIS 2.46 are vulnerable to attacks that can lead to code execution and privilege escalation (if the installer is running with elevated privileges). This has been reported to us at Gpg4win (www.gpg4win.org) which is built under Debian GNU/