Re: Release-critical Bugreport for January 13, 1999

To: debian-devel@lists.debian.org, wakkerma@debian.org
Subject: Re: Release-critical Bugreport for January 13, 1999
From: Santiago Vila <sanvila@unex.es>
Date: Wed, 13 Jan 1999 19:49:38 +0100 (CET)
Message-id: <[🔎] Pine.LNX.3.96.990113194007.8566A-100000@cantor.unex.es>
In-reply-to: <19990113001508.A25349@debian.org>

On Wed, 13 Jan 1999, BugScan reporter wrote:

> Package: base-files (main)
> Maintainer: Santiago Vila <sanvila@ctv.es>
>   31792  base-files: /var/tmp permissions need to be 1777

I can't reproduce this. /var/tmp was already 1777 in bo.
I expect the submitter to send more info.
In the meantime I have downgraded this to normal.

> Package: gettext (main)
> Maintainer: Santiago Vila <sanvila@ctv.es>
>   28850  gettext: security problem when used in setuid programs

I intentionally upgraded this to "important" because it is a security
problem.

This is already fixed in libc6, according to Joel Klecker.
Ulrich Drepper says he plans to fix gettext after releasing the new libc,
so I'm in doubt about whether it is worth to invest time on it or
just wait for it to be fixed upstream.

Even if gettext itself is changed, we would have to fix all the suid apps
using it as well so that they link with the fixed library (when static
linking is used).

-- 
 "ca65a4d4e4c3d8ae97eceebe6698e10b" (a truly random sig)

Reply to:

Prev by Date: RE Unmet Deps revisted also Release-critical Bugreport for
Next by Date: Re: Fix for /bin/date -R (was Re: 822-date obsolete?)
Previous by thread: Re: RE Unmet Deps revisted also Release-critical Bugreport for
Next by thread: Re: Release-critical Bugreport for January 13, 1999
Index(es):
- Date
- Thread