Package: gnats Severity: grave According to http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2180 :
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. This has been assigned CAN-2005-2180, and gen-index seems to default to setuid root in Debian. -- see shy jo
signature.asc
Description: Digital signature
