Your message dated Wed, 16 Apr 2008 15:14:27 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Filed removal request for tss
has caused the Debian Bug report #475736,
regarding tss: local root exploit
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
475736: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475736
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: tss
Version: 0.8.1-3
Severity: critical
Tags: security
Justification: root security hole
tss has a setuid binary. The source code is src/main.c:
sprintf(glob_string, "%s/.tss/*", getenv("HOME"));
(before dropping setuid, needless to say)
Helmut
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.23.14 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages tss depends on:
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libncurses5 5.6+20080405-1 Shared libraries for terminal hand
tss recommends no packages.
--- End Message ---
--- Begin Message ---
tss is being removed from Debian.
--
أحمد المحمودي (Ahmed El-Mahmoudy)
Digital design engineer
SySDSoft, Inc.
GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net)
GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C 156E D325 C3C8 9DCA 0B27
--- End Message ---
