Package: bitlbee Version: 1.2.1-1 Severity: grave Tags: security Justification: user security hole
Since the fix to Mickey Mouse bug report 474589, BitlBee is runing as root for most people, since the "User =" line is commented out by default. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.16.60-xen (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages bitlbee depends on: ii adduser 3.108 add and remove users and groups ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii debianutils 2.30 Miscellaneous utilities specific t ii libc6 2.7-10 GNU C Library: Shared libraries ii libevent1 1.3e-3 An asynchronous event notification ii libglib2.0-0 2.16.4-2 The GLib library of C routines ii libgnutls26 2.4.1-1 the GNU TLS library - runtime libr ii net-tools 1.60-19 The NET-3 networking toolkit bitlbee recommends no packages. bitlbee suggests no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]