[Bug 696810] [NEW] RM: pytris -- RoM; security issues; abandoned upstream
Launchpad Bug Tracker
696810 at bugs.launchpad.net
Mon Jan 3 14:34:10 UTC 2011
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Stefano Rivera (stefanor):
Imported from Debian bug 608689:
Package: pytris
Version: 0.98+nmu1
Severity: grave
Tags: security
Justification: user security hole
The setgid wrapper for this game makes no attempt at security.
It can trivially be used to execute code as group games, which can be
used to exploit other players of the game via the score file.
It could be fixed - the security team suggests dropping the shared score
file, and thus the wrapper. However, this package has not seen a
maintainer upload in years, and is stated as being unmaintained by the
author, on his website:
http://korpus.juls.savba.sk/~garabik/software/
I believe the best solution is removal, from unstable, squeeze, and
lenny.
Radovan, are you OK with reassigning this to ftp.debian.org?
SR
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_ZA.UTF-8, LC_CTYPE=en_ZA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pytris depends on:
ii python 2.6.6-3+squeeze4 interactive high-level object-orie
pytris recommends no packages.
pytris suggests no packages.
-- no debconf information
** Affects: pytris (Ubuntu)
Importance: High
Status: Confirmed
** Affects: pytris (Debian)
Importance: Unknown
Status: Unknown
--
RM: pytris -- RoM; security issues; abandoned upstream
https://bugs.launchpad.net/bugs/696810
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list