Re: Security bug in old libgtop-1.0



On Sun, 2003-05-11 at 13:34, Bastien Nocera wrote:
> On Sun, 2003-05-11 at 13:25, Andrew Sobala wrote:
> > Hi,
> > 
> > Another bug heads-up. Apparently we're distributing libgtop-1.0 with a
> > remote exploit (http://bugzilla.gnome.org/show_bug.cgi?id=112765). The
> > bug's got a patch.
> > 
> > Although it's unmaintained, I think we should fix this since some apps
> > will still be using it. If the maintainers think it's too much work and
> > give me the OK, I'll do the release (with just that one patch on top of
> > the last 1.0 release).
> 
> Martin was the maintainer at the time, and I don't think he is very
> interested in fixing this issue.
> 
> I guess you can release a fixed version. Is libgtop 2.x vulnerable?

The bug report doesn't indicate it, but the code is still there
unchanged so I'd guess yes.

-- 
Andrew Sobala <aes gnome org>

"A freudian slip is when you say one thing but you mean your mother." -- unknown




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]