Bug#28850: gettext: security problem when used in setuid programs

To: Marek Michalkiewicz <marekm@piast.t19.ml.org>, 28850@bugs.debian.org
Subject: Bug#28850: gettext: security problem when used in setuid programs
From: Santiago Vila <sanvila@unex.es>
Date: Tue, 26 Jan 1999 17:16:11 +0100 (CET)
Message-id: <[🔎] Pine.LNX.3.96.990126171430.11599A-100000@cantor.unex.es>
Reply-to: Santiago Vila <sanvila@unex.es>, 28850@bugs.debian.org

On Mon, 2 Nov 1998, Marek Michalkiewicz wrote:

> Package: gettext, libc6
> Version: 0.10.35-3, 2.0.7t-1
> 
> gettext is insecure when used in setuid programs - it can be used to open
> any file on the system for reading.

Fixed in gettext_0.10.35-7, now in slink.

However, I can't just fix this bug, since it may affect lots of other
programs, so I'm going to reassign it to "general".

Thanks.

-- 
 "0d1a6841b7f708e723b0c5fb615aa562" (a truly random sig)

Reply to:

Prev by Date: Processed: Re: Bug#32383: ldso: trying to overwrite ldd
Next by Date: Bug#28850: Need a check for suid applications
Previous by thread: Bug#32383: ldso: trying to overwrite ldd
Next by thread: Bug#28850: Need a check for suid applications
Index(es):
- Date
- Thread