Just Launched: You can now import projects and releases from Google Code onto SourceForge
We are excited to release new functionality to enable a 1-click import from Google Code onto the Allura platform on SourceForge. You can import tickets, wikis, source, releases, and more with a few simple steps. Read More
Please don't top-post, it just plain sucks...
On Tue, 2004-01-27 at 12:23, Don Seiler wrote:
> My main focus is that no official notification has yet come from gaim
> that there is what could fairly be called a serious security flaw. The
> only acknowledgement that the flaw exists comes when a dev gives a
> backhanded response of "fixed in 0.76, it will will come when it's
> ready", as if this was just some minor cosmetic bug that we can wait
Are these issues really so terribly serious we should all be patching
our gaims? If you're running gaim as root, then you really almost
deserve anything you get. If you're running it as a user, any damage
done will be not so huge.
And that is all assuming somebody is able to utilize these security
holes and execute code remotely. More likely is they would be able to
potentially crash gaim. Gaim crashes frequently enough all by itself,
who is going to care if somebody remotely crashes it?
As I read the report, it was a lot of "potentially" and "maybe" issues.
With no actual example of the code being utilized to do damage to
anybody, I really don't see how you can justify calling the issues a
'serious security flaw' ... can you?
Serious security flaws in the past include the Apache hole that had that
worm spreading around two years ago, Outlook Express automatically
executing code embedded in an email, Internet Explorer automatically
executing malicious code on websites, or the whole Windows/MSBlaster
I think we will all survive this 'serious security flaw'.