xfce 4.4.2 test packages ready

Eren Türkay turkay.eren at gmail.com
Sun Nov 18 08:47:33 CET 2007

On Sunday 18 November 2007 09:30:18 Brian J. Tarricone wrote:
> 1.  I disagree with their severity rating of 'High'.  An attacker has
> to a) somehow get a URL to display in Terminal, which is difficult (I
> don't imagine too many people run a text-mode web browser or interact
> with *too* much untrusted data in a terminal), and then, the user has
> to middle-click on it (not just click; middle-click), which is of
> rather low to medium probability.  Note that the kinds of people who
> are foolish enough to click on links of that nature are not the kinds
> of people who would end up using Terminal all that much.  Yes, it
> should be fixed.  Is it that big a deal?  No.

If user is using "irssi" or "weechat" with Terminal and someone gives an url 
which is confusing like "http://foo/bar.php?some=s&{rm -rf ~/}, how a user 
can be aware of this?

Is it a big deal? *Exactly* Yes!

More information about the Xfce4-dev mailing list