Package: finger-ldap Severity: grave Justification: user security hole finger-ldap uses system () but does not untaint ENV. Either do one, or the other.
-- System Information: Debian Release: 3.1 APT prefers testing APT policy: (400, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.18-1-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) -- Simon Law http://www.law.yi.org/~sfllaw/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]