package: eglibc
version: 2.10.1-2
severity: important
tags: security

it has been disclosed that it is possible to execute arbitrary code via ldd. this is a pretty obscure attack vector since it requires the user to run ldd on an untrusted executable. while unlikely (since users using ldd should be reasonably intelligent), it is very much possible, so a fix should be made. see [0] for more details.

i don't think that this is severe enough to warrant a DSA. if you would like to fix the problem in the stable releases, please coordinate with the release team.

mike

[0] http://www.catonmat.net/blog/ldd-arbitrary-code-execution