tags 495756 + pending
thanks
Hi Bill!
Please check the bug number you reply, I sent this back to the original
bug report ;-)
On Tue, 26 Aug 2008 14:09:12 +0200, Bill Allombert wrote:
> On Mon, Aug 25, 2008 at 11:54:26PM +0200, Luca Capello wrote:
>> I've added the ECL list to cc:. While I can e
Processing commands for [EMAIL PROTECTED]:
> tags 495756 + pending
Bug#495756: ecl has rpath to insecure location
(/tmp/buildd/ecl-0.9j-20080306/build/)
Tags were: upstream security
Tags added: pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debi
Processing commands for [EMAIL PROTECTED]:
> tags 495756 + upstream
Bug#495756: ecl has rpath to insecure location
(/tmp/buildd/ecl-0.9j-20080306/build/)
Tags were: security
Tags added: upstream
> forwarded 495756 http://thread.gmane.org/gmane.lisp.ecl.general/4253
Bug#495756: ecl has rp
On Mon, Aug 25, 2008 at 11:54 PM, Luca Capello <[EMAIL PROTECTED]> wrote:
> For the ECL list: this is a 'serious' bug in the Debian BTS [1]. For
> the reason why rpath is considered harmful by Debian see [2] and [3].
ECL does not use rpath. The "guessing" of how it works is still in the
autoconf
Hi Bill!
For the ECL list: this is a 'serious' bug in the Debian BTS [1]. For
the reason why rpath is considered harmful by Debian see [2] and [3].
Please don't Cc: me, I read the list. However, please keep the Debian
bug cc:ed (no need to subscribe), I set the M-F-T and R-T to both the
bug and
Package: ecl
Version: 0.9j-20080306-4
Severity: serious
Tags: security
Hello Debian Common Lisp Team,
ecl includes a ELF file /usr/lib/ecl/asdf.fas with a rpath pointing to
/tmp/buildd/ecl-0.9j-20080306/build/.
This allows an attacker with write access to that directory to
add modified libraries
6 matches
Mail list logo