140490 2006-07-15 07:14 0000 sys-auth/nss_ldap - security cleanup needed 2006-12-01 11:38:49 0000 1 1 1 Unclassified Gentoo Linux Ebuilds 2006.0 All Linux RESOLVED FIXED P2 normal --- 1 jakub@gentoo.org pam-bugs@gentoo.org hansmi@gentoo.org ldap-bugs@gentoo.org robbat2@gentoo.org vorlon@gentoo.org jakub@gentoo.org 2006-07-15 07:14:52 0000 sys-auth/nss_ldap-174-r2: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('sparc', 'x86') sys-auth/nss_ldap-202: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('sparc', 'x86') sys-auth/nss_ldap-207: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('sparc', 'x86') sys-auth/nss_ldap-207-r1: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('sparc', 'x86') sys-auth/nss_ldap-210: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('sparc', 'x86') sys-auth/nss_ldap-211: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('sparc', 'x86') sys-auth/nss_ldap-215: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('amd64', 'sparc', 'x86') sys-auth/nss_ldap-215-r1: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('amd64', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/nss_ldap-220: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('alpha', 'amd64', 'hppa', 'ppc', 'ppc64', 'sparc', 'x86') sys-auth/nss_ldap-226: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('alpha', 'amd64', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/nss_ldap-234: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('alpha', 'amd64', 'hppa', 'ppc', 'ppc64', 'sparc', 'x86') sys-auth/nss_ldap-238: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('alpha', 'amd64', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/nss_ldap-239: vulnerable via glsa(200507-13) ( ver-rev < 239-r1 && not ( ver = 226 && ver-rev => 226-r1 ) ), affects ('alpha', 'amd64', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-156: vulnerable via glsa(200508-22) ( ver < 180 ), affects ('amd64', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-156: vulnerable via glsa(200507-13) ( ver-rev < 178-r1 ), affects ('amd64', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-161: vulnerable via glsa(200508-22) ( ver < 180 ), affects ('sparc', 'x86') sys-auth/pam_ldap-161: vulnerable via glsa(200507-13) ( ver-rev < 178-r1 ), affects ('sparc', 'x86') sys-auth/pam_ldap-164: vulnerable via glsa(200508-22) ( ver < 180 ), affects ('sparc', 'x86') sys-auth/pam_ldap-164: vulnerable via glsa(200507-13) ( ver-rev < 178-r1 ), affects ('sparc', 'x86') sys-auth/pam_ldap-167: vulnerable via glsa(200508-22) ( ver < 180 ), affects ('hppa', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-167: vulnerable via glsa(200507-13) ( ver-rev < 178-r1 ), affects ('hppa', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-171: vulnerable via glsa(200508-22) ( ver < 180 ), affects ('alpha', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-171: vulnerable via glsa(200507-13) ( ver-rev < 178-r1 ), affects ('alpha', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-176: vulnerable via glsa(200508-22) ( ver < 180 ), affects ('alpha', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-176: vulnerable via glsa(200507-13) ( ver-rev < 178-r1 ), affects ('alpha', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-176-r1: vulnerable via glsa(200508-22) ( ver < 180 ), affects ('alpha', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-176-r1: vulnerable via glsa(200507-13) ( ver-rev < 178-r1 ), affects ('alpha', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-178: vulnerable via glsa(200508-22) ( ver < 180 ), affects ('alpha', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-178: vulnerable via glsa(200507-13) ( ver-rev < 178-r1 ), affects ('alpha', 'hppa', 'ppc', 'sparc', 'x86') sys-auth/pam_ldap-178-r1: vulnerable via glsa(200508-22) ( ver < 180 ), affects ('alpha', 'amd64', 'hppa', 'ppc', 'ppc64', 'sparc', 'x86') sys-auth/pam_mysql-0.5: vulnerable via glsa(200606-18) ( ver < 0.7_rc1 ), affects ('alpha', 'amd64', 'ppc', 'sparc', 'x86') sys-auth/pam_mysql-0.6.0: vulnerable via glsa(200606-18) ( ver < 0.7_rc1 ), affects ('alpha', 'amd64', 'ppc', 'sparc', 'x86') Please, clean up the above. Thanks. chtekk@gentoo.org 2006-07-15 08:34:36 0000 All vulnerable pam-mysql releases deleted. Best regards, CHTEKK. jakub@gentoo.org 2006-09-02 16:55:59 0000 Please, do it... hansmi@gentoo.org 2006-09-19 12:58:13 0000 <hansmi> robbat2: Should I clean up nss_ldap and bump to 253? (Just tested the latter one) <robbat2> there are folk still reporting problems with the new ones, and they are finding a need to use the old ones still <robbat2> i'm certain it's upstream buggery, but I haven't managed to trace it down yet Hence it isn't cleaned yet. vorlon@gentoo.org 2006-10-11 06:19:59 0000 The older versions should really be removed if possible, since there is also another issue affecting those (s. bug #150294). flameeyes@gentoo.org 2006-10-12 09:27:16 0000 I've removed old pam_ldap versions at least.. nss_ldap is, as Robin said, still there. jakub@gentoo.org 2006-12-01 11:38:49 0000 All done, wheeeeee! :)