120106 2006-01-23 15:07 0000 x11-libs/libast: 0.7 fixes buffer overflow (CVE-2006-0224) 2006-01-29 06:59:25 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All All RESOLVED FIXED http://article.gmane.org/gmane.comp.window-managers.enlightenment.announce/9 C1 [glsa ] DerCorny P2 normal --- 1 vapier@gentoo.org security@gentoo.org wolf31o2@gentoo.org vapier@gentoo.org 2006-01-23 15:07:59 0000 i'm pretty sure this doesnt affect anything in the portage tree (outside of libast itself) ... Eterm for sure isnt setid anything ive already added 0.7 to portage Release Notes: -------------- This release also contains a security fix for CVE-2006-0224, a buffer overflow vulnerability discovered by Rosiello Security (www.rosiello.org) which could lead to privilege escalation in setuid/setgid applications using LibAST's configuration engine. This includes any platforms on which Eterm is setuid/setgid (e.g., setgid utmp). Thanks to Angelo Rosiello and his team for discovering this issue and coordinating with me for the fix and release. More details on the vulnerability are available at http://www.rosiello.org/en/read_bugs.php?id=25 dercorny@gentoo.org 2006-01-23 15:27:59 0000 arches, pls test and mark stable, thx ... bah, this phrase is getting annoying, i need to find cool alternatives ... corsair@gentoo.org 2006-01-23 22:36:16 0000 stable on ppc64 dertobi123@gentoo.org 2006-01-24 05:49:53 0000 ppc stable killerfox@gentoo.org 2006-01-24 06:28:17 0000 Stable on hppa gustavoz@gentoo.org 2006-01-24 07:34:01 0000 sparc stable. tsunam@gentoo.org 2006-01-24 23:23:20 0000 stable on x86 metalgod@gentoo.org 2006-01-25 02:52:40 0000 amd64 done kloeri@gentoo.org 2006-01-25 13:41:43 0000 Stable on alpha + ia64. dercorny@gentoo.org 2006-01-25 13:44:05 0000 ready for glsa jaervosz@gentoo.org 2006-01-29 06:59:25 0000 GLSA 200601-14