Package: cdrdao
Version: 1.1.9-3
Tags: security
Severity: important
>From the new upstream 1.2.0 ChangeLog:
o SECURITY FIX: cdrdao now gives up its root privileges after setting
up real-time scheduling, as well as before saving settings through
the --save option. This fixes a potential local root exploit when
cdrdao is installed with the +s chmod flag. Using --save now also
forces an early exit after the settings are saved.
Although cdrdao isn't installed setuid root on Debian, no doubt some
people find that an easy option, why it would be very nice if this
release made its way into Debian.
-ukh
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
