Package: libnspr4-0d
Version: 1.8.0.8-1
Severity: grave
Tags: security

A vulnerability has been found in libnspr. From [1]:

"NSPR logging is controlled with a couple of environment variables, 
one to enable it, and a second to control the name of the log file.
This appears to all work in "optimized" (non-debug) builds.  

So, if any setuid root program is linked with NSPR, any user can clobber
any file on the system (any root writable file) by setting NSPR's 
environment variables to log to that file, and then running a setuid root
program linked with NSPR."


I couldn't find any setuid binary in Debian that links against libnspr but
there is "camel-lock-helper-1.2" in evolution-data-server which is setgid mail.
AFAICS the above argument also works with setgid binaries. So this might allow
overwriting other people's mail if evolution-data-server is installed.

The fix in [1] seems to only fix the setuid case.


I am not sure whether this bug should be RC. Feel free to downgrade if you don't
think so.


[1] https://bugzilla.mozilla.org/show_bug.cgi?id=351470


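Added example (not part of the original report, and not NSPR's actual patch): a guard that ignores a log-file environment variable when either the user or the group identity is elevated, which covers the setgid case the report raises as well as the setuid one. The helper names and the numeric ids are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure check: a process is privileged if either the user or the group
 * identity was raised by a setuid or setgid bit on the executable. */
static int ids_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

static int process_is_privileged(void)
{
    return ids_privileged(getuid(), geteuid(), getgid(), getegid());
}

/* Hypothetical helper: behaves like getenv(), but ignores the environment
 * when the invoking user controls it and the process holds extra privilege. */
static const char *guarded_getenv(const char *name)
{
    if (process_is_privileged())
        return NULL;
    return getenv(name);
}

int main(void)
{
    /* Constructed identities: uid/gid 1000 for the user, gid 8 standing in
     * for a group such as "mail". */
    printf("setuid root:  %d\n", ids_privileged(1000, 0, 1000, 1000));
    printf("setgid only:  %d\n", ids_privileged(1000, 1000, 1000, 8));
    printf("unprivileged: %d\n", ids_privileged(1000, 1000, 1000, 1000));

    /* A check that compared only uids would still honour this variable
     * in a setgid helper. */
    const char *log_file = guarded_getenv("NSPR_LOG_FILE");
    printf("log file honoured: %s\n", log_file ? log_file : "(ignored or unset)");
    return 0;
}
```

On glibc, `secure_getenv()` performs an equivalent check inside the C library.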