Vendredi 04 mai 2007, vers 09:57:07 (+0200), Kalle Olavi Niemitalo a
écrit :
* Don't look for gettext message catalogs in ../po/ (closes: #417789).
Thanks, Arnaud Giersch! Reference: CVE-2007-2027.
A less paranoid fix has been checked in to elinks-0.11 and
elinks-0.12 in Git. If you
Arnaud Giersch [EMAIL PROTECTED] writes:
I don't believe that this patch really solves the security issue. An
user may still be vulnerable if he wants to run his freshly compiled
(but not installed now) elinks. This user would typically run it as
/path/to/elinks/src/elinks. If his cwd is
Samedi 05 mai 2007, vers 22:14:33 (+0200), Kalle Olavi Niemitalo a
écrit :
Thank you for your concern. The patched ELinks 0.12.GIT
(d1fa336f7f390d9b51456498fac5dda8f54c18a4) appears to open the
correct gettext catalog in this case, regardless of what the
current working directory is. Please
Julien Cristau [EMAIL PROTECTED] writes:
elinks (0.11.1-1.4) unstable; urgency=high
.
* Non-maintainer security upload.
* Don't look for gettext message catalogs in ../po/ (closes: #417789).
Thanks, Arnaud Giersch! Reference: CVE-2007-2027.
A less paranoid fix has been checked
4 matches
Mail list logo
