Package: realtime-lsm-source Version: 0.8.7-1 Severity: critical Tags: security Justification: root security hole
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The package contains a tar file that when unpacked by module-assistant produces a series of files owned by user 1017 and group 1001, instead of root, as it should. This is bad practise in general. Furthermore, given that this is a kernel module, it gives that user the chance to introduce malicious code into the kernel. - -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-ck1 Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8) Versions of packages realtime-lsm-source depends on: ii bzip2 1.0.3-3 high-quality block-sorting file co ii debhelper 5.0.37.3 helper programs for debian/rules ii kernel-package 10.049 A utility for building Linux kerne realtime-lsm-source recommends no packages. - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE2b96823633cP2P8RAmaBAKCc+2SnuLMR7RsjLwQ/rDArY8rVawCdEvUp rY7ATCYdfmBHH4yJve/f1HM= =8SdB -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]