CVE-2006-1319

Name	CVE-2006-1319
Description	chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	356016

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
runit (PTS)	bullseye	2.1.2-41	fixed
	bookworm	2.1.2-54	fixed
	sid, trixie	2.1.2-60	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
runit	source	sarge	(not affected)
runit	source	(unstable)	1.4.1-1	medium		356016