-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 12 May 2003 17:20:38 +0900 Source: lv Binary: lv Architecture: source i386 Version: 4.49.5-1 Distribution: unstable Urgency: high Maintainer: GOTO Masanori <gotom@debian.or.jp> Changed-By: GOTO Masanori <gotom@debian.or.jp> Description: lv - Powerful Multilingual File Viewer Closes: 181402 Changes: lv (4.49.5-1) unstable; urgency=high . * lv has possible local root exploit problem. lv always reads .lv file in the current directory. So if ill-intentioned user could put an .lv with the line '-E/path/to/malicious/program', any user who uses the v (edit) command in that directory will unwittingly execute the malicious program; this could be exploited to run an arbitrary script with root permissions. This version fixes the problem. Bug found by Leonard Stiles <ljs@uk2.net>. (#190941). * lv does not check environment variable EDITOR or VISUAL, it does not follow debian policy 12.4. This version fixes this problem. Patched by Michael Weber <michaelw@debian.org>. (Closes: #181402) * Fix 'unaligned access to' message from kernel due to unaligned access on 64 bit architecture machine. Files: 9a9f607e60460078273cdada8596379e 563 text optional lv_4.49.5-1.dsc 91ff28865cb67a261259aecc8206cae7 593069 text optional lv_4.49.5.orig.tar.gz 6971270416a2f80ae319bb644614e871 12718 text optional lv_4.49.5-1.diff.gz dc56598c3aa05432c05dbda0c936fedc 416368 text optional lv_4.49.5-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+wQjj9dAn0Xqx8P4RAvjjAKCZ5/bRtdxxmUjfFMPa3i4aqEvsZACfYxTB EbbSfCtbq3W1r0K0rMgwsDY= =oAAb -----END PGP SIGNATURE----- Accepted: lv_4.49.5-1.diff.gz to pool/main/l/lv/lv_4.49.5-1.diff.gz lv_4.49.5-1.dsc to pool/main/l/lv/lv_4.49.5-1.dsc lv_4.49.5-1_i386.deb to pool/main/l/lv/lv_4.49.5-1_i386.deb lv_4.49.5.orig.tar.gz to pool/main/l/lv/lv_4.49.5.orig.tar.gz -- To UNSUBSCRIBE, email to debian-devel-changes-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org