Package: xfmail
Version: 1.5.5.dfsg.1-0.1
Severity: serious
Tags: security

Hello Florian,

xfmail includes a binary /usr/bin/xfmail with a rpath pointing to
/tmp/buildd/xfmail-1.5.5.dfsg.1/debian/xfmail/usr/lib/xfmail.

chrpath /usr/bin/xfmail
/usr/bin/xfmail: RPATH=/tmp/buildd/xfmail-1.5.5.dfsg.1/debian/xfmail/usr/lib/xfmail:/usr/lib/xfmail

This allows an attacker with write access to that directory to add
modified libraries which will be loaded when someone else runs xfmail.

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here.
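A packaging-time check for the condition reported above, as an added example that is not part of the original report or of xfmail: it parses a line of chrpath output and flags search directories that any local user could populate. The function names are hypothetical, and the check assumes that looking at the nearest existing ancestor of each entry is enough (it does not evaluate $ORIGIN or group-writable directories).

```python
import os
import stat

# The chrpath output line quoted in the report above.
REPORTED = ("/usr/bin/xfmail: RPATH=/tmp/buildd/xfmail-1.5.5.dfsg.1/"
            "debian/xfmail/usr/lib/xfmail:/usr/lib/xfmail")

def parse_chrpath(line):
    """Split one line of chrpath output into (binary, [search dirs])."""
    binary, _, rest = line.strip().partition(": ")
    key, eq, value = rest.partition("=")
    if key not in ("RPATH", "RUNPATH") or not eq:
        return binary, []  # any other message: no search path reported
    return binary, value.split(":")

def nearest_existing(path):
    """Walk upwards to the first ancestor that exists on this system."""
    path = os.path.abspath(path)
    while not os.path.exists(path):
        path = os.path.dirname(path)
    return path

def audit_entry(entry):
    """Return a reason string if a search dir is unsafe, else None."""
    if entry == "":
        return "empty entry, searched relative to the current directory"
    if "$ORIGIN" in entry or "${ORIGIN}" in entry:
        return None  # depends on where the binary is installed; not judged
    if not os.path.isabs(entry):
        return "relative path, searched relative to the current directory"
    anchor = nearest_existing(entry)
    if os.stat(anchor).st_mode & stat.S_IWOTH:
        if anchor == os.path.abspath(entry):
            return "directory is world-writable"
        # A sticky bit on the ancestor does not stop new subdirectories.
        return "missing; any local user can create it under " + anchor
    return None

def audit(line):
    """Return (binary, [(entry, reason), ...]) for one chrpath output line."""
    binary, entries = parse_chrpath(line)
    findings = [(e, audit_entry(e)) for e in entries]
    return binary, [(e, why) for e, why in findings if why]

if __name__ == "__main__":
    binary, bad = audit(REPORTED)
    for entry, why in bad:
        print(f"{binary}: {entry!r}: {why}")
```

The result for the reported line depends on the machine it runs on: the build directory is flagged wherever /tmp is world-writable and the path has not been created by a trusted user.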