Package: llvm Version: 1.8b-1 Severity: serious Tags: security Hello Al, llvm includes a binary with a rpath pointing to /home/ahs3/debian/llvm/llvm-1.8b/llvm/Release/bin.
%chrpath /usr/lib/llvm/llvmc /usr/lib/llvm/llvmc: RPATH=/home/ahs3/debian/llvm/llvm-1.8b/llvm/Release/bin This allows an attacker with write access to that directory to add modified libraries which will be loaded when someone else run llvm. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large blue swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
