Package: yacas Version: 1.0.57-2.4 Severity: serious Tags: security Hello Gopal, yacas includes a binary with a rpath pointing to /tmp/yacas/usr/bin/yacas.
chrpath /usr/bin/yacas /usr/bin/yacas: RPATH=/tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib This allows an attacker with write access to that directory to add modified libraries which will be loaded when someone else run yacas. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large blue swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
