[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

IMPORTANT: security hole in colorize in unstable

Hi all,
I just noticed that version 0.3.0-2 of the colorize package (the one in
unstable; the testing version is OK) has all of its files owned by
user/group 1004.  I filed a critical bug, #117572, against the package.

* To see if you are affected:
	ls -l /usr/bin/colorize
* If this has user and group ownership of "1004" (or whoever is the
  equivalent user on your system), the following should fix it until a
  new deb is available:
	dpkg -L colorize | xargs chown root.root

Please CC replies to me since I'm not subscribed to the lists.

Kevin McCarty

Reply to: