Comment 5 for bug 1004503
Revision history for this message
| Michael Vogt (mvo) wrote Re: [Bug 1004503] Re: Incomplete fix for CVE-2012-0949 | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
On Fri, May 25, 2012 at 02:27:19PM -0000, Brian Murray wrote:
> I think it makes more sense to white list what we actually want to
> prevent issues like this in the future. I mean if we add code to
> update-manager to write another log file that ends up containing
> sensitive information we could end up with another CVE like this.
Yes, agreed on a whitelist approach, that makes more sense actually.
Cheers,
Michael