[mdlug] Fwd: tar advisory
M. D. Krauss
zeros0and1ones at yahoo.com
Mon Aug 27 02:56:53 EDT 2007
On Sun, 26 Aug 2007 09:51:35 -0400
"Clinton V. Weiss" <cvweiss at gmail.com> wrote:
> Wow, that goes directly against my argument then. I should have
> looked closer myself.
>
> Now one has to ask, why aren't these other distributions on top of
> things? If this newer version was released over a year ago then it
> should be fairly easy to include that version. I'm not familiar with
> the packaging of those distributions, so I'm making a wide assumption.

It would be true to say that Debian takes security more seriously than
most other distros. It would be true to say that this is not a very
serious vulnerability, and that you shouldn't be unpacking random,
untrusted tarballs as root anyhow.

Which, if either, applies in this case, is left as an exercise for the
reader - meaning, I don't know.

Regards,
Matthew