112213 CVE-2005-2929 2005-11-11 11:48 0000 www-client/lynx: arbitrary command execution via lynxcgi (CVE-2005-2929) 2008-10-21 14:25:52 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://marc.theaimsgroup.com/?l=full-disclosure&m=113172754719215&w=2 A2 [stable] P2 major --- 1 taviso@gentoo.org security@gentoo.org dmwaters@gentoo.org seemant@gentoo.org taviso@gentoo.org 2005-11-11 11:48:42 0000 dmwaters, please bump to 2.8.6dev.15 asap. solar@gentoo.org 2005-11-11 22:09:30 0000 Created an attachment (id=72720) lynx-2.8.6_pre15.ebuild Here are the changes I had to make in my local tree for this bug. grobian@gentoo.org 2005-11-12 12:44:50 0000 adding ppc-macos to check the patch. ppc-macos keyword is dropped in the patch. grobian@gentoo.org 2005-11-12 13:51:04 0000 Created an attachment (id=72774) ppc-macos changes applying the above patch to the lynx-2.8.6_pre15.ebuild file, cleans up the darwin/osx mess. This new version seems to compile and work fine for ppc-macos without additional tweaks. I tested, and hence added back the ~ppc-macos keyword. seemant@gentoo.org 2005-11-12 17:46:26 0000 arch teams -- please test lynx-2.8.5-r2 and mark stable seemant@gentoo.org 2005-11-12 17:47:10 0000 Fabian -- please make sure ppc-macos is ok with 2.8.5-r2 as well solar@gentoo.org 2005-11-12 18:23:29 0000 silly seemant you asked for arch testing but forgot to ~arch the keywords. I reverted those for you and the arches right quick. I also tested on x86 and it looks pretty good so I left it in stable. ranger@gentoo.org 2005-11-12 18:45:35 0000 ppc64 stable weeve@gentoo.org 2005-11-12 18:49:24 0000 Stable on SPARC hparker@gentoo.org 2005-11-12 19:13:30 0000 amd64 done grobian@gentoo.org 2005-11-13 02:26:14 0000 (In reply to comment #5) > Fabian -- please make sure ppc-macos is ok with 2.8.5-r2 as well At your service! marked 2.8.5-r2 stable and made darwin patch unconditional (getting rid of the conditional in the ebuild) ferdy@gentoo.org 2005-11-13 03:47:40 0000 Alpha happy hansmi@gentoo.org 2005-11-13 03:55:21 0000 Stable on ppc, hppa. koon@gentoo.org 2005-11-13 09:24:15 0000 GLSA 200511-09 arm, ia64, mips, s390 should mark stable to benefit from GLSA seemant@gentoo.org 2005-11-15 11:40:45 0000 ia64 and mips, please do mark stable hardave@gentoo.org 2005-11-20 01:42:18 0000 Stable on mips. 72720 2005-11-11 22:09 0000 lynx-2.8.6_pre15.ebuild lynx-2.8.6_pre15.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA1IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6IC92YXIvY3Zzcm9vdC9nZW50b28teDg2L3d3dy1jbGllbnQvbHlueC9seW54LTIuOC41LXIx LmVidWlsZCx2IDEuMSAyMDA1LzEwLzE3IDExOjU4OjM3IHNlZW1hbnQgRXhwICQKCmluaGVyaXQg ZXV0aWxzIGZsYWctby1tYXRpYwoKU0VDX1Y9MjAwNS0zMTIwCgpNWV9QPSR7UC8tL30KREVTQ1JJ UFRJT049IkFuIGV4Y2VsbGVudCBjb25zb2xlLWJhc2VkIHdlYiBicm93c2VyIHdpdGggc3NsIHN1 cHBvcnQiCkhPTUVQQUdFPSJodHRwOi8vbHlueC5icm93c2VyLm9yZy8iClM9JHtXT1JLRElSfS8k e1BOfSR7UFYvLy4vLX0KCmlmIFtbICIke01ZX1AvX3ByZS99IiA9PSAiJHtNWV9QfSIgXV07IHRo ZW4KCVNSQ19VUkk9ImZ0cDovL2x5bnguaXNjLm9yZy8ke01ZX1B9LyR7TVlfUH0udGFyLmJ6MiIK ZWxzZQoJU1JDX1VSST0iZnRwOi8vbHlueC5pc2Mub3JnL2N1cnJlbnQvJHtNWV9QL19wcmUvZGV2 Ln0udGFyLmJ6MiIKCU1ZX1BWPSR7UFYvLy4vLX0KCVM9JHtXT1JLRElSfS8ke1BOfSR7TVlfUFY6 MDo1fQpmaQoKTElDRU5TRT0iR1BMLTIiClNMT1Q9IjAiCktFWVdPUkRTPSJ+YWxwaGEgfmFtZDY0 IH5hcm0gfmhwcGEgfmlhNjQgfm1pcHMgfnBwYyB+cHBjNjQgfnMzOTAgfnNwYXJjIH54ODYiCiMg cHBjLW1hY29zIGRyb3BwZWQuLiBuZWVkcyBwYXRjaCBsb3ZpbmcKSVVTRT0ic3NsIG5scyBpcHY2 IgoKREVQRU5EPSJzeXMtbGlicy9uY3Vyc2VzCglzeXMtbGlicy96bGliCglubHM/ICggc3lzLWRl dmVsL2dldHRleHQgKQoJc3NsPyAoID49ZGV2LWxpYnMvb3BlbnNzbC0wLjkuNiApIgpQUk9WSURF PSJ2aXJ0dWFsL3RleHRicm93c2VyIgoKc3JjX3VucGFjaygpIHsKCXVucGFjayAke0F9OyBjZCAk e1N9IHx8IGRpZSAiY2hkaXIgJFMiCiMJZXBhdGNoICR7V09SS0RJUn0vJHtQfS1DQU4tJHtTRUNf Vn0ucGF0Y2gKIwl1c2UgdXNlcmxhbmRfRGFyd2luICYmIGVwYXRjaCAke0ZJTEVTRElSfS8ke1B9 LWRhcndpbi5wYXRjaAp9CgpzcmNfY29tcGlsZSgpIHsKCWxvY2FsIG15Y29uZgoJdXNlIHNzbCAm JiBteWNvbmY9IiR7bXljb25mfSAtLXdpdGgtc3NsPXllcyIKCglhcHBlbmQtZmxhZ3MgLURBTlNJ X1ZBUkFSR1MKCgllY29uZiBcCgkJLS1saWJkaXI9L2V0Yy9seW54IFwKCQktLWVuYWJsZS1jZ2kt bGlua3MgXAoJCS0tZW5hYmxlLUVYUF9QRVJTSVNURU5UX0NPT0tJRVMgXAoJCS0tZW5hYmxlLXBy ZXR0eXNyYyBcCgkJLS1lbmFibGUtbnNsLWZvcmsgXAoJCS0tZW5hYmxlLWZpbGUtdXBsb2FkIFwK CQktLWVuYWJsZS1yZWFkLWV0YSBcCgkJLS1lbmFibGUtbGlianMgXAoJCS0tZW5hYmxlLWNvbG9y LXN0eWxlIFwKCQktLWVuYWJsZS1zY3JvbGxiYXIgXAoJCS0tZW5hYmxlLWluY2x1ZGVkLW1zZ3Mg XAoJCS0td2l0aC16bGliIFwKCQkkKHVzZV9lbmFibGUgbmxzKSBcCgkJJCh1c2VfZW5hYmxlIGlw djYpIFwKCQkke215Y29uZn0gfHwgZGllCgoJZW1ha2UgfHwgZGllICJjb21waWxlIHByb2JsZW0i Cn0KCnNyY19pbnN0YWxsKCkgewoJZWluc3RhbGwgbGliZGlyPSR7RH0vZXRjL2x5bnggfHwgZGll CgoJZG9zZWQgInN8XkhFTFBGSUxFLiokfEhFTFBGSUxFOmZpbGU6Ly9sb2NhbGhvc3QvdXNyL3No YXJlL2RvYy8ke1BGfS9seW54X2hlbHAvbHlueF9oZWxwL2x5bnhfaGVscF9tYWluLmh0bWx8IiBc CgkJCS9ldGMvbHlueC9seW54LmNmZwoJZG9kb2MgQ0hBTkdFUyBDT1BZSEVBREVSIElOU1RBTExB VElPTiBQUk9CTEVNUyBSRUFETUUKCWRvY2ludG8gZG9jcwoJZG9kb2MgZG9jcy8qCglkb2NpbnRv IGx5bnhfaGVscAoJZG9kb2MgbHlueF9oZWxwLyoudHh0Cglkb2h0bWwgLXIgbHlueF9oZWxwCgoJ IyBzbWFsbCBsaXR0bGUgbWFucGFnZSBnbGl0Y2gKCXJtICR7RH0vdXNyL3NoYXJlL21hbi9seW54 LjEKCW5ld21hbiBseW54Lm1hbiBseW54LjEKfQo= 72774 2005-11-12 13:51 0000 ppc-macos changes patch text/plain LS0tIGF0dGFjaG1lbnQuY2dpP2lkPTcyNzIwCTIwMDUtMTEtMTIgMjI6NDg6MjEuMDAwMDAwMDAw ICswMTAwCisrKyBseW54LTIuOC42X3ByZTE1LmVidWlsZAkyMDA1LTExLTEyIDIyOjQ4OjQ5LjAw MDAwMDAwMCArMDEwMApAQCAtMjEsOCArMjEsNyBAQAogCiBMSUNFTlNFPSJHUEwtMiIKIFNMT1Q9 IjAiCi1LRVlXT1JEUz0ifmFscGhhIH5hbWQ2NCB+YXJtIH5ocHBhIH5pYTY0IH5taXBzIH5wcGMg fnBwYzY0IH5zMzkwIH5zcGFyYyB+eDg2IgotIyBwcGMtbWFjb3MgZHJvcHBlZC4uIG5lZWRzIHBh dGNoIGxvdmluZworS0VZV09SRFM9In5hbHBoYSB+YW1kNjQgfmFybSB+aHBwYSB+aWE2NCB+bWlw cyB+cHBjIH5wcGMtbWFjb3MgfnBwYzY0IH5zMzkwIH5zcGFyYyB+eDg2IgogSVVTRT0ic3NsIG5s cyBpcHY2IgogCiBERVBFTkQ9InN5cy1saWJzL25jdXJzZXMKQEAgLTM0LDcgKzMzLDYgQEAKIHNy Y191bnBhY2soKSB7CiAJdW5wYWNrICR7QX07IGNkICR7U30gfHwgZGllICJjaGRpciAkUyIKICMJ ZXBhdGNoICR7V09SS0RJUn0vJHtQfS1DQU4tJHtTRUNfVn0ucGF0Y2gKLSMJdXNlIHVzZXJsYW5k X0RhcndpbiAmJiBlcGF0Y2ggJHtGSUxFU0RJUn0vJHtQfS1kYXJ3aW4ucGF0Y2gKIH0KIAogc3Jj X2NvbXBpbGUoKSB7Cg==