On Mon, Nov 15, 2010 at 12:39 PM, Niels Mayer wrote: > I noticed that bristol-0.40.7-7 updated due to the following security > update. What got me curious is what kind of security issue could > running bristol possibly pose?? -- none on it's own, but another rogue > package could exploit this issue ... > It is a minor security issue that also existed in our ardour and tuxguitar packages, which are fixed now. In order to exploit the security flaw, the attacker needs to have an account on your computer, and he must have write access in one of the common directories that you also use. There he places his malicious "library". Then you open your command prompt and go to that directory, you launch bristol there and boom. This is more of a threat for public computers, and if you trust everyone who has an account on your computer, there is nothing to worry. Orcan _______________________________________________ music mailing list music@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/music
