Secunia writes: A weakness has been reported in ntop, which can be exploited by malicious, local users to manipulate certain information. The weakness is caused due to ntop creating the access log file with world-writable permissions, which can be exploited to modify the access log information. Successful exploitation may require that ntop is launched with the "--access-log-file" and "-d" options.
Created attachment 189024 [details, diff] Fix from upstream SVN
For reference: http://secunia.com/advisories/34793/
Fixed in ntop-3.3.9-r2. In bug 265704 I've asked for stable keywords.
ntop-3.3.9-r2 is stable now.
Ready for vote then, I vote YES.
I vote NO.
NO, too. Closing