Package: ecl Version: 0.9j-20080306-4 Severity: serious Tags: security Hello Debian Common Lisp Team, ecl includes a ELF file /usr/lib/ecl/asdf.fas with a rpath pointing to /tmp/buildd/ecl-0.9j-20080306/build/.
This allows an attacker with write access to that directory to add modified libraries which will be loaded when someone else run ecl. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large red swirl here. _______________________________________________ pkg-common-lisp-devel mailing list pkg-common-lisp-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-common-lisp-devel
