Subject: Re: CVS commit: pkgsrc/databases/gnats
To: Lubomir Sedlacik <salo@Xtrmntr.org>
From: grant beattie <grant@NetBSD.org>
List: pkgsrc-changes
Date: 11/15/2004 23:02:54
On Mon, Nov 15, 2004 at 12:55:27PM +0100, Lubomir Sedlacik wrote:
> > > I guess this has to be pulled up to the 2004Q3 branch (don't have a
> > > local copy of it to verify that the fix applies cleanly).
> >
> > this vulnerability only applies to GNATS 4.0.0, and the branch is at
> > GNATS 3.x, so no need for a pullup.
>
> gnats<4 privilege-escalation http://www.securityfocus.com/archive/1/326337
indeed, you are correct - the CVE entry says "GNATS 4.0.0", which is
unfortunately too narrow.
normally, we do not pull up major updates to the branch but this
probably qualifies for an exception. is GNATS 4.0 backward compatible
with 3.x, or is the update intrusive?
grant.