Date: Fri, 07 Nov 2014 14:12:47 +1100 From: Joshua Rogers <oss@...ernot.info> To: oss-security@...ts.openwall.com Subject: Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability On 07/11/14 12:27, Seth Arnold wrote: > It is not safe to build packages from untrusted sources. > It is not safe to install packages from untrusted sources. I agree. But, if you are analyzing a .deb file to see what it contains, etc., you are not necessarily installing it.(e.g. dry-run) And what about programs that use dpkg to list the details of the package? Thanks -- -- Joshua Rogers <https://internot.info/>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ