Bug#841257: sendmail: Privilege escalation from group smmsp to (user) root

2016-11-09 Thread paul . szabo
Dear Andreas, > I have a completely untested patch sitting in GIT - do you have a > possibility to test packages built from that? I could replace files, or DEB packages, on some test machines. Do not know whether that testing would be exhaustive: do not know how many features of the sendmail pack

Bug#841257: sendmail: Privilege escalation from group smmsp to (user) root

2016-10-18 Thread paul . szabo
es always have a process like: USER PID %CPU %MEMVSZ RSS TTY STAT START TIME COMMAND smmsp 2880 0.0 0.0 11956 3236 ?Ss Oct11 0:00 sendmail: Queue runner@00:10:00 for /var/spool/mqueue-client running. Cheers, Paul Paul Szabo p...@maths.us

Bug#841257: sendmail: Privilege escalation from group smmsp to (user) root

2016-10-18 Thread paul . szabo
Hmm... you may also need to (once) do: chown smmsp /var/run/sendmail/stampdir/reload when adopting my patch. Cheers, Paul

Bug#841257: sendmail: Privilege escalation from group smmsp to (user) root

2016-10-18 Thread Paul Szabo
su smmsp -s /bin/bash -c "touch > $STAMP_DIR/cron_msp"; 912c912 < touch $STAMP_DIR/cron_mta; --- > su smmsp -s /bin/bash -c "touch $STAMP_DIR/cron_mta"; 938c938 <

Bug#584058: opensched: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i68

Bug#584057: mpage: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
package, and fix if needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architec

Bug#584053: latex-mk: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i68

Bug#584000: capisuite: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
if needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i68

Bug#583997: bmv: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Ker

Bug#511516: hanterm-xf: Window title (DSA-380)

2009-01-11 Thread Paul Szabo
Package: hanterm-xf Version: 1:3.3.1p18-10 Severity: grave Tags: security Justification: user security hole hanterm-xf does not seem vulnerable to DECRQSS (DSA-1694), but is vulnerable to "window title" (DSA-380). Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.ed

Bug#329156: gnome-pty-helper foo

2008-12-30 Thread Paul Szabo
ut_host only... Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". T