[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: sharutils: pending release of 4.6.3
From: |
Santiago Vila |
Subject: |
Re: sharutils: pending release of 4.6.3 |
Date: |
Thu, 18 May 2006 02:02:32 +0200 (CEST) |
On Wed, 17 May 2006, Pavel Roskin wrote:
> "If an attacker can convince a user to invoke uudecode on a malicious
> file without reviewing the included file name, the attacker can cause
> the user to overwrite any file accessible by the user."
Hmm, this is similar to http://bugs.debian.org/149454.
Isn't this a feature more than a bug?