Package: libgcrypt11 Version: 1.4.4-6 Severity: normal Hi,
the function lock_pool from src/secmem.c has the side effect of changing user ids if real uid != effective uid. This causes strange behaviour in other programs: A program using libnss-ldap for querying group membership with SSL enabled, but without nscd might suddenly change the user id when calling getgroups (or initgroups). An example for this is the atd daemon[1]. Regards, Ansgar [1] https://bugs.launchpad.net/bugs/509734 -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (900, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libgcrypt11 depends on: ii libc6 2.10.2-2 GNU C Library: Shared libraries ii libgpg-error0 1.6-1 library for common error values an libgcrypt11 recommends no packages. Versions of packages libgcrypt11 suggests: pn rng-tools <none> (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
