Package: lshell Version: 0.9.8-1 Severity: grave Tags: security Justification: user security hole
In example I can run "echo $(/bin/sh)" or "echo $(/bin/su)", or every other command. Best Regards, Piotr PS: Sorry for my English. -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (990, 'stable'), (800, 'testing'), (100, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages lshell depends on: ii adduser 3.110 add and remove users and groups ii python 2.5.4-9 An interactive high-level object-o ii python-support 1.0.6 automated rebuilding support for P lshell recommends no packages. lshell suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
