On Fri, Aug 06, 2004 at 11:41:12PM +0200, Niels Bakker wrote: > /usr/bin/info is not setuid, and I can't think of any way to invoke the > program where it would allow for privilege escalation. Why is the > severity "grave?" Remember that this is bugtraq, about security, not > the Debian bug tracking system, or texinfo's gnats. I think that the severity is overstated for Debian BTS too, IMO - and according to Debian Policy - this should be 'normal' or 'serious' at highest. Alex PS> Niels, your advertised address bounces with virtusertable errors, I tried to send this offlist first. -- 0x46399138
Attachment:
pgpXENOBvhObF.pgp
Description: PGP signature