Bug#318481: CAN-2005-2180 gen-index file overwrite vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 tags 318481 woody quit Not vulnerable in gnats/gnats-user >= 4.0. Vulnerable in gnats/gnats-user < 4.0. drwxr-xr-x 53 root root 12288 Jul 14 09:32 /usr/lib drwxr-xr-x2 root root4096 Mar 7 20:23 /usr/lib/gnats - -rwxr-xr-x1 root r

Processed: Re: Bug#318481: CAN-2005-2180 gen-index file overwrite vulnerability

Processing commands for [EMAIL PROTECTED]: > tags 318481 woody Bug#318481: CAN-2005-2180 gen-index file overwrite vulnerability There were no tags set. Tags added: woody > quit Stopping processing here. Please contact me if you need assistance. Debian bug tracking system adminis

Bug#318481: CAN-2005-2180 gen-index file overwrite vulnerability

Package: gnats Severity: grave According to http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2180 : gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, wh