CVE-2008-5138 pam_mount insecure tempfile creation - to update or not?

Tomas Hoger thoger at redhat.com
Sun Nov 23 20:42:35 UTC 2008


Hi Till!

Comment added to BZ as well...

On Fri, 21 Nov 2008 22:51:32 +0100 Till Maas <opensource at till.name>
wrote:

> https://bugzilla.redhat.com/show_bug.cgi?id=472109#c2
> 
> The question is now, whether I should update the package without the
> affected script to make everyone aware of this or just keep it as is.

This has a very low impact due to the reasons you have explained.  For
Red Hat Enterprise Linux we tend to postpone fixing low impact issues,
it should be fine to deal with this once there's a better reason to do
new packages.

-- 
Tomas Hoger / Red Hat Security Response Team

More information about the Fedora-security-list mailing list