Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 140493 - www-servers/monkeyd - security cleanup needed
Summary: www-servers/monkeyd - security cleanup needed
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: www-servers Herd (OBSOLETE)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-15 07:24 UTC by Jakub Moc (RETIRED)
Modified: 2006-07-24 11:33 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jakub Moc (RETIRED) gentoo-dev 2006-07-15 07:24:07 UTC 
www-servers/monkeyd-0.9.0-r1: vulnerable via glsa(200504-14) ( ver < 0.9.1 ), affects ('amd64', 'ppc', 'sparc', 'x86')

www-servers/pound-1.10: vulnerable via glsa(200606-05) ( ver < 2.0.5 ), affects ('alpha', 'amd64', 'hppa', 'mips', 'ppc', 'sparc', 'x86')

Please, clean up the above. Thanks.
Comment 1 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2006-07-19 11:19:31 UTC 
www-servers/pound is clean - the GLSA is wrong... the vulnerable version is < 1.9.4 (+ some of the 2.0.x releases) as seen in the original bug #118541

thanks anyway
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-07-19 11:29:05 UTC 
@security: Please, fix GLSA 200606-05...
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-07-24 06:46:34 UTC 
Fixed for the 1.9.4 series. Due to glsa-check stuff 1.9.5 will have to be added to the GLSA should it ever be released.
Comment 4 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2006-07-24 07:30:01 UTC 
1.9.5 is probably not going to happen - 1.10 was a maintenance release (addressing the issue at hand), while development happens on 2.x...

thanks
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-07-24 08:40:00 UTC 
Then I guess this one could be closed as FIXED.
Comment 6 Jakub Moc (RETIRED) gentoo-dev 2006-07-24 08:43:13 UTC 
(In reply to comment #5)
> Then I guess this one could be closed as FIXED.

Still need to punt the vulnerable monkeyd ebuild.
Comment 7 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2006-07-24 11:33:14 UTC 
fixed in cvs - thanks