Package: mailscanner Version: 4.38.10-1 Severity: serious Justification: fhs
Hello, with the default configuration, mailscanner uses /tmp as the directory holding pid and lock files. Since these dirs are world writeable, this is a security concern. It should use /var/run/mailscanner instead. I think this bug should be fixed downstream and be reported upstream as well. Greetings, Wollie -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages mailscanner depends on: ii debconf 1.4.30.11 Debian configuration management sy ii exim4 4.44-2 metapackage to ease exim MTA (v4) ii exim4-daemon-heavy [mail-tran 4.44-2 exim MTA (v4) daemon with extended ii libarchive-zip-perl 1.14-1 Module for manipulation of ZIP arc ii libcompress-zlib-perl 1.34-1 Perl module for creation and manip ii libconvert-binhex-perl 1.119-2 Perl5 module for extracting data f ii libconvert-tnef-perl 0.17-4 Perl module to read TNEF files ii libhtml-parser-perl 3.45-1 A collection of modules that parse ii libmime-perl 5.417-1 Perl5 modules for MIME-compliant m ii libnet-cidr-perl 0.10-1 Manipulate IPv4/IPv6 netblocks in ii perl 5.8.4-6 Larry Wall's Practical Extraction ii spamassassin 3.0.2-1 Perl-based spam filter using text ii ucf 1.14 Update Configuration File: preserv ii unzip 5.52-1 De-archiver for .zip files ii wget 1.9.1-8 retrieves files from the web -- debconf information: mailscanner/v3_upgrade: Don't upgrade -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]