Package: hplip
Version: 0.8.7-2
Severity: grave
Justification: user security hole

.hplip.conf is created in 666 mode. Since this conf file contains commands
which may be launched using the user's rights, it can be used to cause an
unwanted process to gain access to the user's data, by putting specially
crafted wrappers in the [commands] section.

Solution is to create this file in 600 mode.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-2-k7
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages hplip depends on:
ii  cupsys               1.1.23-3       Common UNIX Printing System(tm) -
ii  hplip-data           0.8.7-2        HP Linux Printing and Imaging - da
ii  libc6                2.3.2.ds1-20   GNU C Library: Shared libraries an
ii  libcupsys2-gnutls10  1.1.23-3       Common UNIX Printing System(tm) -
ii  libgcc1              1:3.4.3-7      GCC support library
ii  libsnmp5             5.1.2-6        NET SNMP (Simple Network Managemen
ii  libssl0.9.7          0.9.7e-3       SSL shared libraries
ii  libstdc++5           1:3.3.5-7      The GNU Standard C++ Library v3
ii  python               2.3.4-6        An interactive high-level object-o
ii  python-qt3           3.13-4         Qt3 bindings for Python (default v

-- no debconf information
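
The report does not show how hplip writes the file, so the following is an added example and not hplip's own code: it contrasts a creation path that ends up at mode 666 with one that always yields 600, plus a check a program can run before trusting a [commands] section. The function names and the sample file content are assumptions made for illustration.

```python
import os
import stat
import tempfile

def create_conf_insecure(path, text):
    # Models the reported result: the mode is left to open()'s default
    # (0666 & ~umask), and with a permissive umask the file lands as 0666.
    old = os.umask(0)
    try:
        with open(path, "w") as f:
            f.write(text)
    finally:
        os.umask(old)

def create_conf_private(path, text):
    # Request 0600 at creation time and do not follow a symlink at the path.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        os.fchmod(fd, 0o600)  # also tightens a file that already existed as 0666
        os.write(fd, text.encode())
    finally:
        os.close(fd)

def conf_is_safe(path):
    # Trust the file only if it is a regular file owned by the current user
    # with no group/other permission bits set (i.e. at most mode 600).
    st = os.lstat(path)
    return (stat.S_ISREG(st.st_mode)
            and st.st_uid == os.getuid()
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)

def demo():
    sample = "[commands]\nexample = /bin/true\n"  # constructed, not real hplip keys
    with tempfile.TemporaryDirectory() as d:
        weak, strong = os.path.join(d, "weak.conf"), os.path.join(d, "strong.conf")
        create_conf_insecure(weak, sample)
        create_conf_private(strong, sample)
        result = {
            "weak_mode": stat.S_IMODE(os.stat(weak).st_mode),
            "strong_mode": stat.S_IMODE(os.stat(strong).st_mode),
            "weak_safe": conf_is_safe(weak),
            "strong_safe": conf_is_safe(strong),
        }
        create_conf_private(weak, sample)  # rewriting repairs the old 0666 file
        result["weak_after_fix"] = stat.S_IMODE(os.stat(weak).st_mode)
    return result

if __name__ == "__main__":
    print({k: (oct(v) if isinstance(v, int) and not isinstance(v, bool) else v)
           for k, v in demo().items()})
```

Because files written by an earlier version keep their old mode, the `fchmod` on the open descriptor matters as much as the creation mode.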