Package: dtc-xen Version: 0.2.6-5 Severity: serious Tags: security Hi,
dtc-xen creates files in /etc/dtc-xen in its postinst, in particular ssl private keys, and only after that chmods them. This means that they is a race condition which makes these files readable by anyone. Cheers, Julien
signature.asc
Description: Digital signature