Mailing the story:

Mandrake alert: Updated slocate packages fix vulnerability

A vulnerability was discovered by Patrik Hornik in slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. This could be exploited by a local user to gain privileges of the 'slocate' group. The updated packages contain a patch from Kevin Lindsay that causes slocate to drop privileges before reading a user-supplied database.
What is your name?

What is your E-Mail address?

What is the email address of the recipient?

Add a special note from yourself?