Package: yacas-proteus Version: 1.0.57-2.4 Severity: serious Tags: security
Hello Gopal, yacas-proteus includes a binary with a rpath pointing to /tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib. %chrpath /usr/bin/proteusworksheet /usr/bin/proteusworksheet: RPATH=/tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib This allow an attacker with write access to that directory to add modified libraries which will be loaded when someone else run proteusworksheet. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large blue swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
