[10104] in bugtraq
Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight
daemon@ATHENA.MIT.EDU (Miguel de Icaza)
Tue Apr 6 14:45:56 1999
Date: Mon, 5 Apr 1999 13:00:14 -0500
Reply-To: Miguel de Icaza <miguel@NUCLECU.UNAM.MX>
From: Miguel de Icaza <miguel@NUCLECU.UNAM.MX>
X-To: lcamtuf@IDS.PL
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.05.9903070059130.710-100000@nimue.ids.pl> (message
from Michal Zalewski on Sun, 7 Mar 1999 01:41:25 +0100)
> 7. Midnight Commander 4.x bugs (x2)
>
> Still not fixed. Temporary files mc are created in insecure way, allowing
> typical races. Also, entering directories containing $(...) somewhere
> might result in execution of embeeded code.
4.x barely tells me anything. Code in the 4.x can mean anything in
the last 18 months. P
There are two major code versions:
4.1.xx: old, stable
4.5.xx: new, stable
I do not know of any problems in 4.5.xx. The code does take
appropiate steps to work around those problems.
> Described days ago, dunno why it hasn't been patched.
you might have described that to your shrink, or perhaps a frog
sitting on a rock, but I never saw any detailed bug reports about
this.
miguel.
