Package: xfree86
Severity: critical
Tags: security
Justification: root security hole

Good day,

I'm reviewing the list of 2002 CVEs to check if there are still some known vulnerable packages in testing.

In CVE-2002-1472 it is written:

| libX11.so in xfree86, when used in setuid or setgid programs, allows
| local users to gain root privileges via a modified LD_PRELOAD
| environment variable that points to a malicious module.

According to http://www.securityfocus.com/bid/5735/info/ this was fixed in xfree86 4.2.1, so testing and unstable are not vulnerable.

As I can't see any reference to this issue in the stable changelog, I think the woody version is still vulnerable.

Regards.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-rfb-swsusp
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)