[Pkg-utopia-maintainers] Bug#726645: dbus: tiger reports vulnerability with dbus-daemon-launch-helper
Ian Bolton
ibolton at quoininc.com
Thu Oct 17 16:43:17 UTC 2013
Package: dbus
Version: 1.6.16-1
Severity: normal
The tiger script check_suid does the equivalent of:
strings dbus-daemon-launch-helper | grep -E '\.\./'
And finds:
../../dbus/dbus-connection.c
../../dbus/dbus-errors.c
../../dbus/dbus-message.c
../../dbus/dbus-pending-call.c
../../dbus/dbus-signature.c
../../dbus/dbus-watch.c
../../dbus/dbus-bus.c
../../dbus/dbus-server.c
Please remove these strings.
Thanks,
Ian
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.10-3-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages dbus depends on:
ii adduser 3.113+nmu3
ii libc6 2.17-93
ii libdbus-1-3 1.6.16-1
ii libexpat1 2.1.0-4
ii libselinux1 2.1.13-3
ii libsystemd-login0 204-5
ii lsb-base 4.1+Debian12
dbus recommends no packages.
Versions of packages dbus suggests:
ii dbus-x11 1.6.16-1
-- no debconf information
More information about the Pkg-utopia-maintainers
mailing list