Package: libtunepimp-perl Version: 0.4.2-1 Severity: grave Tags: security Hello Robert,
tunepimp.so has a rpath pointing to /tmp: %chrpath usr/lib/perl5/auto/MusicBrainz/Tunepimp/tunepimp/tunepimp.so usr/lib/perl5/auto/MusicBrainz/Tunepimp/tunepimp/tunepimp.so: RPATH=/tmp/buildd/libtunepimp-0.4.2/perl/tunepimp-perl/../../lib/.libs Since /tmp/ is user-writable, this allow local users to install libraries that will be linked by tunepimp.so. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large red swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
