severity 158637 important thanks On Sat, Sep 21, 2002 at 02:38:55PM +0200, Michael Banck wrote: > tags 158637 + patch > thanks > > As I stated, debian's linuxconf package should not be vulnerable, as it > is not installed setuid root. > > Nevertheless, I've backported the patch from the latest upstream > version, which makes the exploit[1] fail even if you happen to set > linuxconf setuid root.
Would you mind uploading this? linuxconf is orphaned, and nobody has yet offered to maintain it. Since, as you say, we don't install linuxconf setuid root, I've downgraded the bug in the meantime. Thanks, -- Colin Watson [EMAIL PROTECTED]