Shaun Colley discovered a buffer overflow in sharutils <= 2.5.5 when using the -o option. See http://www.spinics.net/lists/bugtraq/msg11869.html and http://www.spinics.net/lists/bugtraq/msg11898.html for details.
Oops. That must be sharutils <= 4.2.1. Must have gotten 2.5.5. from another package that I was looking at earlier.
Created attachment 100229 [details] Option -o patch Patch taken from SuSE 9.0 sharutils-4.2c-718.src.rpm. Modified header so it patches using -p1 instead of -p0. Note that the patch in the original announcement (http://www.spinics.net/lists/bugtraq/msg11869.html) is incorrect (see http://www.spinics.net/lists/bugtraq/msg11898.html).
Downgrading severity; buffer overflow in non setuid/gid program.
I am not aware of the criteria you use for this. Are these described somewhere? They seem to be different from the explanation of "Severity" in the bugzilla form help. I must say that if this can be (remotely) exploited to gain a shell it might be used as a stepping stone to exploit an unplugged local root exploit. It should be fixed asap.
it's now fixed in sharutils-4_2_1-19, which will be showed up in rawhide soon
What kind of version is that, 4_2_1? Are the underscores here to stay? With rawhide you also mean FC1 testing? Or are you just releasing it for FC2?