oss-sec mailing list archives
Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability
From: Joshua Rogers <oss () internot info>
Date: Fri, 07 Nov 2014 14:12:47 +1100
On 07/11/14 12:27, Seth Arnold wrote:
It is not safe to build packages from untrusted sources. It is not safe to install packages from untrusted sources.
I agree. But, if you are analyzing a .deb file to see what it contains, etc., you are not necessarily installing it.(e.g. dry-run) And what about programs that use dpkg to list the details of the package? Thanks -- -- Joshua Rogers <https://internot.info/>
Current thread:
- CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 05)
- Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability cve-assign (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Seth Arnold (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Sven Kieske (Nov 07)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 07)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Seth Arnold (Nov 06)
- Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability cve-assign (Nov 06)
- Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Roers (Nov 15)