Re: Release-critical Bugreport for January 13, 1999
On Wed, 13 Jan 1999, BugScan reporter wrote:
> Package: base-files (main)
> Maintainer: Santiago Vila <sanvila@ctv.es>
> 31792 base-files: /var/tmp permissions need to be 1777
I can't reproduce this. /var/tmp was already 1777 in bo.
I expect the submitter to send more info.
In the meantime I have downgraded this to normal.
> Package: gettext (main)
> Maintainer: Santiago Vila <sanvila@ctv.es>
> 28850 gettext: security problem when used in setuid programs
I intentionally upgraded this to "important" because it is a security
problem.
This is already fixed in libc6, according to Joel Klecker.
Ulrich Drepper says he plans to fix gettext after releasing the new libc,
so I'm in doubt about whether it is worth to invest time on it or
just wait for it to be fixed upstream.
Even if gettext itself is changed, we would have to fix all the suid apps
using it as well so that they link with the fixed library (when static
linking is used).
--
"ca65a4d4e4c3d8ae97eceebe6698e10b" (a truly random sig)
Reply to: