-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 02 Jan 2004 19:37:26 +0000 Source: vbox3 Binary: vbox3 Architecture: hppa Version: 0.1.7.1 Distribution: stable Urgency: high Maintainer: Debian/HPPA non-US Build Daemon Changed-By: Gerrit Pape Description: vbox3 - voice response system for isdn4linux Changes: vbox3 (0.1.7.1) stable; urgency=high . * vboxgetty/voice.c: bug: permissions were not dropped accurately before running user-controlled tclscript; a user was able to gain root permissions through the tclscript. fix: fork(), setgid(), setuid() before running tclscript, and let main process wait for child. See bug #218288. Files: 288deba9ca2438de25e3657a84814353 36484 utils extra vbox3_0.1.7.1_hppa.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/+NWizN/kmwoKyScRAi9qAJwLR9ELb8/BXAQhic3SX/DjM6yFNwCfR7Nq b8klcOXNRFUcSOobs5UHOfY= =EcRA -----END PGP SIGNATURE-----