I have just posted cbi-package-config-*-4 for use with Fedora Core 4 and
5. Releases prior to this one contained a security bug that lets
unprivileged local users alter the RPM repository configuration. Please
upgrade immediately:
<http://www.cs.wisc.edu/cbi/downloads/rpm/fedora-4-i386/RPMS.tools/cbi-package-config-4-4.i386.rpm>
<http://www.cs.wisc.edu/cbi/downloads/rpm/fedora-5-i386/RPMS.tools/cbi-package-config-5-4.i386.rpm>
For additional reassurance, you may want to verify that the upgraded
package's files are correct *after* upgrading:
% su
# rpm --verify cbi-package-config
I apologize for this inconvenience, and sheepishly point out that this
is the first security error to arise in CBI's history.
-- Ben