Package: cdrdao Version: 1.1.9-3 Tags: security Severity: important >From the new upstream 1.2.0 ChangeLog:
o SECURITY FIX: cdrdao now gives up its root privileges after setting up real-time scheduling, as well as before saving settings through the --save option. This fixes a potential local root exploit when cdrdao is installed with the +s chmod flag. Using --save now also forces an early exit after the settings are saved. Although cdrdao isn't installed setuid root on Debian, no doubt some people find that an easy option, why it would be very nice if this release made its way into Debian. -ukh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]