Package: ecl Version: 0.9j-20080306-4 Severity: serious Tags: security Hello Debian Common Lisp Team, ecl includes a ELF file /usr/lib/ecl/asdf.fas with a rpath pointing to /tmp/buildd/ecl-0.9j-20080306/build/.
This allows an attacker with write access to that directory to add modified libraries which will be loaded when someone else run ecl. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large red swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]