Bug#28850: gettext: security problem when used in setuid programs
On Mon, 2 Nov 1998, Marek Michalkiewicz wrote:
> Package: gettext, libc6
> Version: 0.10.35-3, 2.0.7t-1
>
> gettext is insecure when used in setuid programs - it can be used to open
> any file on the system for reading.
Fixed in gettext_0.10.35-7, now in slink.
However, I can't just fix this bug, since it may affect lots of other
programs, so I'm going to reassign it to "general".
Thanks.
--
"0d1a6841b7f708e723b0c5fb615aa562" (a truly random sig)
Reply to: