Package: lesstif2 Version: 1:0.94.4-2 Severity: normal Tags: security
See http://secunia.com/advisories/21428/ The vulnerability is caused due to the libXm library allowing users to specify a file for writing debug output to via the "DEBUG_FILE" environment variable. By running a setuid binary linked against a vulnerable libXm library, this can be exploited to create world-writable files with the effective user id of the binary. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
