Package: noise Version: 0.3.0-1~experimental1 Severity: grave Tags: security
On amd64, /usr/bin/noise has RPATH set to: /tmp/buildd/noise-0.3.0/obj-x86_64-linux-gnu/core:Since /tmp is world-writable, malicious local user can exploit this RPATH to execute arbitrary code, by planting a crafted library in /tmp/buildd/noise-0.3.0/obj-x86_64-linux-gnu/core.
-- Jakub Wilk -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
