Package: dietlibc-dev Version: 0.33~cvs20120325-4 Severity: important Tags: jessie sid security upstream
(Putting this in the BTS to make tracking this issue easier.) Thorsten Glaser discovered that the default PATH in dietlibc (if the environment variable is unset) contains the current working directory, which is a security problem. See also: https://security-tracker.debian.org/tracker/TEMP-0000000-0F9220 http://news.gmane.org/find-root.php?message_id=alpine.DEB.2.20.1607181048300.24083%40tglase.lan.tarent.de Regards, Christian
