Gentoo Bug 85766 - sys-devel/gettext: tempfile vuln back in 1.4.1

First Last Prev Next No search results available Search page Enter new bug

Bug#:	85766
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Luke Macken (RETIRED) <lewk@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 85766 depends on:			Show dependency tree Show dependency graph
Bug 85766 blocks:			Show dependency tree Show dependency graph

Additional Comments: (this is where you put emerge --info)

Add to CC list

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-03-18 05:32 0000

gettext-0.14.2/NEWS:

* Security fixes.

------- Comment #1 From Luke Macken (RETIRED) 2005-03-18 05:34:34 0000 -------

base-system, please advise.

------- Comment #2 From Luke Macken (RETIRED) 2005-03-18 06:04:39 0000 -------

Hmm.. this could very well be a dupe of Bug #66355.

------- Comment #3 From SpanKY 2005-03-18 06:16:56 0000 -------

yes, i do believe it is, but now that we have gettext-0.14.1 unmasked, we need
to consider this again

i think this is my fault ... the original reason for masking 0.14.1 was due to
Bug  66449 and once i resolved that, i unmasked it again, having forgotten
about Bug 66355

i need to touch up 0.14.2 a bit before we can consider it for stable (bogues
`make check` failures)

------- Comment #4 From Thierry Carrez (RETIRED) 2005-03-25 05:36:21 0000 -------

vapier: any progress ?

------- Comment #5 From Sune Kloppenborg Jeppesen 2005-04-15 23:07:38 0000 -------

Ok, trying the other one. SpanKY any progress on this one?

------- Comment #6 From SpanKY 2005-04-19 21:34:51 0000 -------

0.14.1-r1 with patch from Bug 66355 and KEYWORDS have been carried forward from
0.14.1 unchanged so we dont need to bother arch maintainers ...

------- Comment #7 From Sune Kloppenborg Jeppesen 2005-04-19 21:59:48 0000 -------

Thx SpanKY

This one is ready for GLSA, perhaps as an update to GLSA 200410-10?

------- Comment #8 From SpanKY 2005-04-19 22:13:21 0000 -------

i think an update would be best

------- Comment #9 From Thierry Carrez (RETIRED) 2005-04-21 00:47:19 0000 -------

If I understand correctly:

Currently the 200410-10 GLSA says :
Vulnerable:  <0.12.1-r2
Unaffected: >=0.12.1-r2

and we need to upgrade that GLSA to:
Vulnerable:   <0.14.1-r1
Unaffected:  >=0.14.1-r1
Unaffected: *>=0.12.1-r2

------- Comment #10 From SpanKY 2005-04-21 05:48:20 0000 -------

sounds about right

------- Comment #11 From Sune Kloppenborg Jeppesen 2005-04-22 05:15:35 0000 -------

Fixed with GLSA 200410-10 Update

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 85766

sys-devel/gettext: tempfile vuln back in 1.4.1

Last modified: 2005-04-22 05:15:35 0000