Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 07 Nov 2014 14:12:47 +1100
From: Joshua Rogers <>
Subject: Re: Re: CVE-Request: dpkg handling of 'control' and
 warnings format string vulnerability

On 07/11/14 12:27, Seth Arnold wrote:
> It is not safe to build packages from untrusted sources.
> It is not safe to install packages from untrusted sources.
I agree.
But, if you are analyzing a .deb file to see what it contains, etc., you
are not necessarily installing it.(e.g. dry-run)
And what about programs that use dpkg to list the details of the package?

-- Joshua Rogers <>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.