Hi everyone, I can't do this fix right now, since I don't have net access on a Debian machine. Would someone mind doing the update and upload? If no one is able to do it right now, I can do it via sneakernet to work, although not for a few days. Thanks! - David "Hoping to be back soon" Nusinow --- Stefan Fritsch <sf@sfritsch.de> wrote: > From: Stefan Fritsch <sf@sfritsch.de> > To: David Nusinow <dnusinow@debian.org> > Subject: CVE-2006-4447 (not checking setuid's return > value) in xterm > Date: Tue, 5 Sep 2006 21:19:21 +0200 > > Hi David, > > xterm is setgid utmp and according to [1] does not > correctly check the > return value of setgid, which might lead to some > privilege > escalation. Shouldn't this be fixed? > > Also, it would be good if you could check whether > there are other > setuid/setgid applications that need to be fixed. > The rest of those > mentioned in [1] are already fixed. > > Thanks in advance. > > Cheers, > Stefan > > [1] > http://lists.freedesktop.org/archives/xorg/2006-June/016146.html > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Attachment:
pgpvD0iowURqX.pgp
Description: pat476197184