-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 30 May 2004 18:14:43 +1200 Source: razor Binary: razor Architecture: source i386 Version: 2.400-2 Distribution: unstable Urgency: low Maintainer: Corrin Lakeland <lakeland@debian.org> Changed-By: Corrin Lakeland <lakeland@debian.org> Description: razor - spam-catcher using a collaborative filtering network Changes: razor (2.400-2) unstable; urgency=low . * First real attempt at fixing tainting issues * Added an extra ugly untaint to Config.pm, specifically * untainting the filename. I'm not entirely happy about this, but * I can't see any better solutions. Superficial code analysis implies * it won't add any security holes (it would require the cracker to have * write permission to the system wide configuration file in order to * hijack razor, and that file should have at least as tight permissions as * the razor process so a cracker with access to that file won't gain * much (perhaps another method to add a backdoor for themselves?) Files: 66261f08d112537a3fc31654ea753d40 668 mail optional razor_2.400-2.dsc 5c9c43758c1704f42111cf9b939c0f5d 7873 mail optional razor_2.400-2.diff.gz e123da24d80e0ee915a07dc819c6a881 112428 mail optional razor_2.400-2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAzARsi5A0ZsG8x8cRArajAJ9T/hBJFjQCq6u+YoTkjGi6n5/O7QCgip1j FTBIQ7NvJOR52EVlPASE3pc= =e2NQ -----END PGP SIGNATURE----- Accepted: razor_2.400-2.diff.gz to pool/main/r/razor/razor_2.400-2.diff.gz razor_2.400-2.dsc to pool/main/r/razor/razor_2.400-2.dsc razor_2.400-2_i386.deb to pool/main/r/razor/razor_2.400-2_i386.deb -- To UNSUBSCRIBE, email to debian-devel-changes-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
