Source: pcp Version: 3.9.2 Severity: serious Tags: security upstream On i386, pcp ships the upstream binary src/pmdas/mmv/mmvdump into /var/lib/pcp/pmdas/mmv/mmvdump without rebuilding it. This violates Debian policy and might be used by upstream to introduce backdoors or other security issues.
-- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
