Comment 20 for bug 7373

Message-Id: <email address hidden>
Date: Tue, 20 Jan 2004 13:48:39 -0500
From: Kevin Lindsay <email address hidden>
To: <email address hidden>
Cc: Kevin Lindsay <email address hidden>, R Garth Wood <email address hidden>
Subject: Fixed in NMU of slocate 2.6-1.3.2

tag 226103 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 19 Jan 2004 06:16:54 +0000
Source: slocate
Binary: slocate
Architecture: source i386
Version: 2.6-1.3.2
Distribution: stable-security
Urgency: high
Maintainer: R Garth Wood <email address hidden>
Changed-By: Kevin Lindsay <email address hidden>
Description:
 slocate - a secure locate replacement
Closes: 226103
Changes:
 slocate (2.6-1.3.2) stable-security; urgency=high
 .
   * 'slocate' sgid privileges are now dropped when searching databases that
     are not apart of the 'slocate' group. This will prevent malicious user
     supplied databases from elevating user access to the 'slocate' group.
     See CAN-2003-0848, (closes: #226103)
Files:
 c7f271bba7c5a72afb00d43c23a04b79 550 utils optional slocate_2.6-1.3.2.dsc
 4e7a025fe5ec8239ae851dc68a533332 7956 utils optional slocate_2.6-1.3.2.diff.gz
 f933cdc3212314e1ac466c9c7a475783 25236 utils optional slocate_2.6-1.3.2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFADDGKArxCt0PiXR4RAomQAJ9iYTMoK09C2SP2G6s613WKuGWR4wCgpGQ/
DDv+nkZUdDptl1/XVm1xawI=
=hO9d
-----END PGP SIGNATURE-----