Re: [linux-security] [RHSA-1999:023-01] Potential security

From: Miguel de Icaza (miguelat_private)
Date: Wed Jul 28 1999 - 14:31:20 PDT

    > > At the request of the gnumeric maintainer a new version is being released by
    > > Red Hat which addresses potential security issues with the version of
    > > gnumeric shipped in Red Hat Linux 6.0.
    > [..]
    >
    > No useful data.
    
    Yes, there is useful data.
    
    The key sequence here is "At the request of the gnumeric maintainer"
    and "potential security issues".
    
    That would be me.  The main author.  The maintainer.
    
    > I don't blindly update software just because the vendor told me to, on the
    > assumption that "it must be good for me". I don't suspect a lot of people
    > on this list do either...
    
    Well, you can take my word for it.  The code used to have a serious
    potential security hole.
    
    It has been fixed for quite some time, but it never clicked into my
    head until recently.  And the package as shipped by most people that
    are using GNOME 1.0.x based systems included this problem.
    
    Yes, you can find the problem if you go and review the last 10 or so
    diffs of Gnumeric.  Not a big job, but why give away this information
    for abuse right now?
    
    Give people a chance to upgrade Gnumeric and I will happily share the
    information with bugtraq (if someone does not read the 10 diffs in the
    meantime).
    
    Best wishes,
    Miguel.
    