Package: tss Version: 0.8.1-3 Severity: critical Tags: security Justification: root security hole
tss has a setuid binary. The source code is src/main.c: sprintf(glob_string, "%s/.tss/*", getenv("HOME")); (before dropping setuid, needless to say) Helmut -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.23.14 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Versions of packages tss depends on: ii libc6 2.7-10 GNU C Library: Shared libraries ii libncurses5 5.6+20080405-1 Shared libraries for terminal hand tss recommends no packages. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]