[maemo-developers] [maemo-developers] IMPORTANT: vulnerability in Application Manager, please check your repositories
From: David Weinehall david.weinehall at nokia.comDate: Wed Oct 25 18:37:01 EEST 2006
- Previous message: [maemo-developers] IMPORTANT: vulnerability in Application Manager, please check your repositories
- Next message: [maemo-developers] IMPORTANT: vulnerability in Application Manager, please check your repositories
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On ons, 2006-10-25 at 16:30 +0100, ext Andrew Flegg wrote: > On 10/25/06, David Weinehall <david.weinehall at nokia.com> wrote: > > > [snip] > > > > You know, IMO (not official Nokia policy) this isn't exactly a high risk > > security issue. To exploit, you need to install a package from an > > external, non-trusted source. Once you start installing non-trusted 3rd > > party applications, you're dead anyway. > > That's not what Marius said: > > > > The overflow happens when there is a repository in > > /etc/apt/sources.list that contains such a icon in one of its > > packages, or when you have installed a .deb file with such an icon. > > As such, it only requires someone to add a repository containing > MyEvilPackage (and then presumably look at the AM in such a way as to > display that package's icon). Well, it still is a low-level risk, since you have to add an untrusted repository to your repository-list. Regards: David
- Previous message: [maemo-developers] IMPORTANT: vulnerability in Application Manager, please check your repositories
- Next message: [maemo-developers] IMPORTANT: vulnerability in Application Manager, please check your repositories
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]