Bug#: 120106
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: SpanKY <vapier@gentoo.org>


Description:   Opened: 2006-01-23 15:07 0000
I'm pretty sure this doesn't affect anything in the portage tree (outside of
libast itself) ... Eterm for sure isn't setid anything

I've already added 0.7 to portage

Release Notes:
--------------

This release also contains a security fix for CVE-2006-0224, a buffer
overflow vulnerability discovered by Rosiello Security
(www.rosiello.org) which could lead to privilege escalation in
setuid/setgid applications using LibAST's configuration engine.  This
includes any platforms on which Eterm is setuid/setgid (e.g., setgid
utmp).  Thanks to Angelo Rosiello and his team for discovering this
issue and coordinating with me for the fix and release.

More details on the vulnerability are available at
http://www.rosiello.org/en/read_bugs.php?id=25

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-01-23 15:27:59 0000 -------
arches, pls test and mark stable, thx

... bah, this phrase is getting annoying, i need to find cool alternatives ...

------- Comment #2 From Markus Rothe 2006-01-23 22:36:16 0000 -------
stable on ppc64

------- Comment #3 From Tobias Scherbaum 2006-01-24 05:49:53 0000 -------
ppc stable

------- Comment #4 From René Nussbaumer 2006-01-24 06:28:17 0000 -------
Stable on hppa

------- Comment #5 From Gustavo Zacarias (RETIRED) 2006-01-24 07:34:01 0000 -------
sparc stable.

------- Comment #6 From Joshua Jackson 2006-01-24 23:23:20 0000 -------
stable on x86

------- Comment #7 From Luis Medinas (RETIRED) 2006-01-25 02:52:40 0000 -------
amd64 done

------- Comment #8 From Bryan Østergaard (RETIRED) 2006-01-25 13:41:43 0000 -------
Stable on alpha + ia64.

------- Comment #9 From Stefan Cornelius (RETIRED) 2006-01-25 13:44:05 0000 -------
ready for glsa

------- Comment #10 From Sune Kloppenborg Jeppesen 2006-01-29 06:59:25 0000 -------
GLSA 200601-14
