Package: libc-client2002edebian Version: 7:2002edebian1-11 Severity: important
libc-client has a patch in Debian (debian/patches/10_disallow_escaping_home.diff) that sets the restrictBox variable to maximum restriction by default. While probably OK in the context of uw-imapd, this patch breaks libc-client for many other types of applications. libc-client is a shared library, used by uw-mailutils, mailsync, and libmail-cclient-perl, and so the added security should (and could) be done at runtime for uw-imapd specifically, not by patching the source of libc-client. (pine would be affected too if it wasn't shipped with its own copy of libc-client.) This might sound like a minor problem, but I just spent more than six hours trying to find out why mailutil was not working. Not a word about this in /usr/share/doc/libc-client2002edebian, either. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.8-2-686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages libc-client2002edebian depends on: ii debconf 1.4.52 Debian configuration management sy ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libcomerr2 1.37-2sarge1 common error description library ii libkrb53 1.3.6-4 MIT Kerberos runtime libraries ii libpam-modules 0.76-22 Pluggable Authentication Modules f ii libpam0g 0.76-22 Pluggable Authentication Modules l ii libssl0.9.7 0.9.7e-3 SSL shared libraries ii mlock 7:2002edebian1-11 Mailbox locking program from UW libc-client2002edebian recommends no packages. -- debconf information: * libc-client/no_maildir_warning: true -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
