On Mon, Nov 15, 2010 at 12:39 PM, Niels Mayer wrote:
I noticed that bristol-0.40.7-7 updated due to the following
update. What got me curious is what kind of security issue could
running bristol possibly pose?? -- none on its own, but another rogue
package could exploit this issue ...
It is a minor security issue that also existed in our ardour and
tuxguitar packages, which are fixed now.
In order to exploit the security flaw, the attacker needs to have an
account on your computer, and he must have write access in one of the
common directories that you also use. There he places his malicious
"library". Then you open your command prompt and go to that directory,
you launch bristol there and boom.
This is more of a threat for public computers, and if you trust
everyone who has an account on your computer, there is nothing to