Date: Fri, 07 Nov 2014 14:12:47 +1100
From: Joshua Rogers <>
Subject: Re: Re: CVE-Request: dpkg handling of 'control' and
 warnings format string vulnerability

On 07/11/14 12:27, Seth Arnold wrote:
> It is not safe to build packages from untrusted sources.
> It is not safe to install packages from untrusted sources.
I agree.
But, if you are analyzing a .deb file to see what it contains, etc., you
are not necessarily installing it (e.g. dry-run).
And what about programs that use dpkg to list the details of the package?

-- Joshua Rogers <>
