IMPORTANT: security hole in colorize in unstable
Hi all,
I just noticed that version 0.3.0-2 of the colorize package (the one in
unstable; the testing version is OK) has all of its files owned by
user/group 1004. I filed a critical bug, #117572, against the package.
* To see if you are affected:
ls -l /usr/bin/colorize
* If this has user and group ownership of "1004" (or whoever is the
equivalent user on your system), the following should fix it until a
new deb is available:
dpkg -L colorize | xargs chown root.root
Please CC replies to me since I'm not subscribed to the lists.
Sincerely,
Kevin McCarty
Reply to: