85770 – games-puzzle/ltris-1.0.10 Local as-another-user exec

Bug 85770 - games-puzzle/ltris-1.0.10 Local as-another-user exec

Summary: games-puzzle/ltris-1.0.10 Local as-another-user exec

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2? [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2005-03-18 06:01 UTC by Klaus S. Madsen
Modified:	2005-03-20 12:35 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Klaus S. Madsen 2005-03-18 06:01:34 UTC

1.0.10 is available, which fixes a security issue also. See http://lgames.sourceforge.net/index.php?action=show_news&news_action=show_item&item_id=108
for more information.

The ebuild for 1.0.7 works when renamed to the new version.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-03-18 07:57:46 UTC

This allows executing code under other local game user uid, I suppose.
games, please bump

Comment 2 Mr. Bones. (RETIRED) gentoo-dev

2005-03-18 09:26:11 UTC

ltris-1.0.10 added to portage.  The old versions were removed.

You can do your security thing as you like...

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2005-03-18 10:13:38 UTC

Marked stable on all arches by maintainer.
Ready for GLSA, severity=Normal I would say

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-03-20 12:35:53 UTC

Klaus, thx for the notification.

GLSA 200503-24