174043 2007-04-10 16:13 0000 www-servers/lighttpd: CRLF parsing and 0-mtime DoS (CVE-2007-18{69|70}) 2007-06-24 23:55:42 0000 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://www.lighttpd.net/2007/4/13/lighttpd-1-4-14-released B3 [glsa] Falco P2 minor --- 1 falco@gentoo.org security@gentoo.org bernd@linx.net chainsaw@gentoo.org lars@chaotika.org mips@gentoo.org robbat2@gentoo.org www-servers@gentoo.org falco@gentoo.org 2007-04-10 16:13:45 0000 CVE-2007-1869 - \r\n\r\n parsing DoS CVE-2007-1870 - 0 mtime null pointer dereference Pre-release: http://www.lighttpd.net/assets/2007/4/4/lighttpd-1.4.x.r1719.tar.gz Release: within a few days, now still confidential. jaervosz@gentoo.org 2007-04-13 16:26:04 0000 This one is public now. www-servers please bump. bangert@gentoo.org 2007-04-13 17:55:22 0000 robbat2: you seem to have touched lighttpd alot lately. care to give your input? the following patch seems to make it work for me: --- lighttpd-1.4.13-r3.ebuild 2007-04-10 12:34:20.000000000 +0200 +++ lighttpd-1.4.14.ebuild 2007-04-13 19:46:52.000000000 +0200 @@ -8,7 +8,7 @@ DESCRIPTION="Lightweight high-performance web server" HOMEPAGE="http://www.lighttpd.net/" -SRC_URI="http://www.lighttpd.net/download/${P}.tar.gz" +SRC_URI="http://www.lighttpd.net/assets/2007/4/13/${P}.tar.bz2" LICENSE="BSD" SLOT="0" @@ -101,7 +101,7 @@ unpack ${A} cd ${S} - EPATCH_SUFFIX="diff" EPATCH_OPTS="-p1 -l -d ${S}" epatch ${FILESDIR}/${PV} || die "Patching failed!" eautoreconf || die thanks bangert@gentoo.org 2007-04-14 20:35:21 0000 lighttpd-1.4.15 is in the tree (almost) all archs are asked to mark it stable. thanks! falco@gentoo.org 2007-04-14 20:37:35 0000 thanks Thilo. Indeed, arches, please could you test lighttpd-1.4.15 and mark it stable if the tests are fine. thanks. jer@gentoo.org 2007-04-14 22:18:51 0000 Stable for HPPA. Would someone keywording sparc-fbsd kindly fix all this stuff below, thanks. I haven't done a complete cvs up but I checked a couple of the missing dependencies and nothing seems to have happened in favour of sparc-fbsd since the last version of lighttpd needed keywording. DEPEND.badindev 12 www-servers/lighttpd/lighttpd-1.4.13-r1.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['dev-libs/fcgi', 'dev-lang/php', 'sys-fs/e2fsprogs', 'net-analyzer/rrdtool', '>=net-nds/openldap-2.1.26', 'virtual/perl-Test-Harness'] www-servers/lighttpd/lighttpd-1.4.13-r1.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] www-servers/lighttpd/lighttpd-1.4.13-r3.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['dev-libs/fcgi', 'dev-lang/php', 'sys-fs/e2fsprogs', 'net-analyzer/rrdtool', '>=net-nds/openldap-2.1.26', 'virtual/perl-Test-Harness'] www-servers/lighttpd/lighttpd-1.4.13-r3.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] www-servers/lighttpd/lighttpd-1.4.11.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['dev-libs/fcgi', 'dev-lang/php', '>=net-nds/openldap-2.1.26', 'net-analyzer/rrdtool', 'virtual/perl-Test-Harness'] www-servers/lighttpd/lighttpd-1.4.11.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] www-servers/lighttpd/lighttpd-1.4.13.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['dev-libs/fcgi', 'dev-lang/php', '>=net-nds/openldap-2.1.26', 'net-analyzer/rrdtool', 'virtual/perl-Test-Harness'] www-servers/lighttpd/lighttpd-1.4.13.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] www-servers/lighttpd/lighttpd-1.4.15.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['dev-libs/fcgi', 'dev-lang/php', 'sys-fs/e2fsprogs', 'net-analyzer/rrdtool', '>=net-nds/openldap-2.1.26', 'virtual/perl-Test-Harness'] www-servers/lighttpd/lighttpd-1.4.15.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] www-servers/lighttpd/lighttpd-1.4.13-r2.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['dev-libs/fcgi', 'dev-lang/php', 'sys-fs/e2fsprogs', 'net-analyzer/rrdtool', '>=net-nds/openldap-2.1.26', 'virtual/perl-Test-Harness'] www-servers/lighttpd/lighttpd-1.4.13-r2.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] RDEPEND.badindev 12 www-servers/lighttpd/lighttpd-1.4.13-r1.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['sys-fs/e2fsprogs', 'dev-lang/php', 'net-analyzer/rrdtool', '>=net-nds/openldap-2.1.26'] www-servers/lighttpd/lighttpd-1.4.13-r1.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] www-servers/lighttpd/lighttpd-1.4.13-r3.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['sys-fs/e2fsprogs', 'dev-lang/php', 'net-analyzer/rrdtool', '>=net-nds/openldap-2.1.26'] www-servers/lighttpd/lighttpd-1.4.13-r3.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] www-servers/lighttpd/lighttpd-1.4.11.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['dev-lang/php', 'net-analyzer/rrdtool', '>=net-nds/openldap-2.1.26'] www-servers/lighttpd/lighttpd-1.4.11.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] www-servers/lighttpd/lighttpd-1.4.13.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['dev-lang/php', 'net-analyzer/rrdtool', '>=net-nds/openldap-2.1.26'] www-servers/lighttpd/lighttpd-1.4.13.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] www-servers/lighttpd/lighttpd-1.4.15.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['sys-fs/e2fsprogs', 'dev-lang/php', 'net-analyzer/rrdtool', '>=net-nds/openldap-2.1.26'] www-servers/lighttpd/lighttpd-1.4.15.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] www-servers/lighttpd/lighttpd-1.4.13-r2.ebuild: ~sparc-fbsd(default-bsd/fbsd/6.2/sparc) ['sys-fs/e2fsprogs', 'dev-lang/php', 'net-analyzer/rrdtool', '>=net-nds/openldap-2.1.26'] www-servers/lighttpd/lighttpd-1.4.13-r2.ebuild: ~x86-fbsd(default-bsd/fbsd/6.2/x86) ['dev-libs/libmemcache', 'net-analyzer/rrdtool'] robbat2@gentoo.org 2007-04-14 22:26:36 0000 There's another blip with lighttpd that I'm aware of, relating to the startup and not dropping the terminal properly (it was only exposed due to other cleanups in .13-r3). Either we rebase 1.4.15 to 1.4.13-r2 that has a workaround for it, or we hold off a bit. bangert@gentoo.org 2007-04-14 23:06:44 0000 robbat2: you're the boss! i took the latest thing in there, expecting it to be the latest and greatest... AFAICT the difference between .13-r2 and .14-r3 is the init.d file, which removes the --background from start-stop-daemon.... so perhaps we should just put that back in (which would be the rebase you were talking about) jaervosz@gentoo.org 2007-04-15 04:47:45 0000 Back to ebuild status to get the init script fixed. bangert@gentoo.org 2007-04-15 11:16:34 0000 well, i can't reproduce the backgrounding isssue to begin with. anyway - 1.4.15 now installs the .13-r2 init.d. robbat2: can you please confirm that the 'blip' is resolved? robbat2@gentoo.org 2007-04-15 11:33:45 0000 yup, your .15 based on -r2 works fine (no blip). thanks for getting to it before I did. I only picked up lighttpd because beu was AWOL. bangert@gentoo.org 2007-04-15 12:08:04 0000 thanks robbat2! i only picked up lighttpd because of the security thing... (as i did about a year ago)... are we back to stable marking then? it got my go! robbat2@gentoo.org 2007-04-15 12:17:24 0000 yup, good to add arches again. jaervosz@gentoo.org 2007-04-15 14:49:45 0000 Sorry for the lag, enjoying a nice spring day here:) Arches please test and mark stable. Target keywords are: lighttpd-1.4.15.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc ~sparc-fbsd x86 ~x86-fbsd" jer@gentoo.org 2007-04-15 15:02:36 0000 Still stable for HPPA. angelos@gentoo.org 2007-04-15 15:52:48 0000 the same tests as usual fail: ./mod-rewrite.........# status failed: expected '200', got '404' ./mod-fastcgi.........# status failed: expected '200', got '404' but still works on amd64 Portage 2.1.2.2 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.20-beyond2 x86_64) ================================================================= System uname: 2.6.20-beyond2 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ Gentoo Base System release 1.12.9 Timestamp of tree: Sun, 15 Apr 2007 14:20:01 +0000 ccache version 2.4 [enabled] dev-java/java-config: 1.3.7, 2.0.31-r5 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r6 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.15-r1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -Os -pipe -msse3 -w" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo" CXXFLAGS="-march=k8 -Os -pipe -msse3 -w" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--quiet" FEATURES="buildsyspkg ccache collision-protect distlocks metadata-transfer multilib-strict nodoc noinfo parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox" GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ " LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" MAKEOPTS="-j3 -l3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/overlay" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="X a52 aac acpi alsa amd64 amr audiofile bitmap-fonts bzip2 cairo cdinstall cdr cli cracklib crypt cups dbus dri dts dvd dvdr dvdread emboss encode exif fam firefox fortran gdbm gif gstreamer gtk gtk2 hal iconv jpeg libg++ lirc logrotate mad midi mikmod minimal mp3 mpeg ncurses nptl nptlonly offensive ogg opengl pam pcre php png ppds pppd quicktime readline reflection sdl session smp spl ssl svg symlink tcpd test tiff truetype truetype-fonts type1-fonts unicode v4l vim vorbis x264 xinerama xorg xv xvid zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="evdev keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIRC_DEVICES="inputlirc" USERLAND="GNU" VIDEO_CARDS="nvidia" Unset: CTARGET, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS monkeh@monkeh.net 2007-04-15 17:14:33 0000 Same test failures as Christoph on x86, but otherwise works perfectly. Portage 2.1.2.2 (default-linux/x86/2006.1, gcc-4.1.1, glibc-2.5-r0, 2.6.20-gentoo-r4 i686) ================================================================= System uname: 2.6.20-gentoo-r4 i686 AMD Athlon(tm) MP 2400+ Gentoo Base System release 1.12.9 Timestamp of tree: Sun, 15 Apr 2007 15:50:01 +0000 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.4 [enabled] dev-java/java-config: 1.3.7, 2.0.31-r5 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r6 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.15-r1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=athlon-mp -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -march=athlon-mp -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="ccache distlocks metadata-transfer parallel-fetch sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.blueyonder.co.uk" LANG="en_GB.UTF-8" LINGUAS="en en_GB" MAKEOPTS="-j9" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage /usr/portage/local/layman/sunrise" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X Xaw3d a52 aac aalib acpi alsa amr amrr animgif ao aoss apache2 audacious avi bash-completion berkdb bitmap-fonts bittorrent browserplugin bzip2 cairo ccache cdparanoia cdr cdrom cgi chardet chm clamav clamd cli cpudetection crypt cups curl curlwrappers cursors customlog dbus dga divx dlloader dpms dri dts dvd dvdnav dvdr dvdread dvi eds elf encode esd ethereal exif expat extensions fam fame fastcgi fbcon ffmpeg filepicker finger firefox flac flash flatfile font-server fontconfig foomaticdb fortran freetts gaim gajim gd gdbm gdm geoip gif gimp gimpprint glitz glut gmail gmailtimestamps gmedia gnome gnome-print gnutls gstreamer010 gtk gtk2 gtkhtml gtkspell guile gvim hal hddtemp html httpd icons iconv id3 imagemagick imlib imlib2 injection jabber jpeg lame lcms libcaca libclamav libg++ libnotify libsamplerate libwww lighttpd lm_sensors logitech-mouse logrotate lzo lzw mad madwifi midi mikmod mjpeg mmap mmx mmxext mng modplug mono motif mozbranding moznocompose moznoirc moznomail mozsvg mp3 mp4 mpeg mplayer msn musepack nautilus ncurses network new-login nfs nls no-old-linux no-seamonkey no-suexec nogecko-sdk nogg noplugin nptl nptlonly nsplugin nvidia offensive ogg oggvorbis openal opendoc opengl openssl opensslcrypt oss pam pam_chroot panel-plugin pango pcre pdf pdflib perl php png pop ppds pppd pulseaudio python quicktime rar rdesktop readline real realmedia reflection rtc ruby samba sdl sensord session sftp sftplogging smp smtp sndfile sound sox speex spell spl sqlite sqlite3 sse sse-filters ssl startup-notification subtitles subversion svg svgz swat sysfs syslog tabs taglib tagwriting tcl tcltk tcpd test tga theora threads thunar-vfs thunderbird tidy tiff timidity tk toolbar tools tos transcode truetype truetype-fonts type1-fonts udev uk_bleb uk_rt underscores unicode unzip usb vim vim-pager vim-with-x virus-scan vorbis wavpack win32codecs wma wmp wordperfect wv wxgtk1 wxwindows x264 x86 xanim xcb xchat xchattext xcomposite xext xforms xinerama xinetd xml xmlreader xmlwriter xorg xosd xprint xrandr xscreensaver xsettings xv xvid xvmc zeroconf zip zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="g15" LINGUAS="en en_GB" USERLAND="GNU" VIDEO_CARDS="nv nvidia" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS Portage 2.1.2.2 (default-linux/x86/2006.1, gcc-4.1.1, glibc-2.5-r0, 2.6.21-rc5 i686) ================================================================= System uname: 2.6.21-rc5 i686 Pentium III (Coppermine) Gentoo Base System release 1.12.9 Timestamp of tree: Sun, 15 Apr 2007 15:50:01 +0000 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] ccache version 2.4 [enabled] dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r6 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.15-r1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium3 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -march=pentium3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="ccache distcc distlocks metadata-transfer parallel-fetch sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.virginmedia.com" LINGUAS="en en_GB" MAKEOPTS="-j12" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise" SYNC="rsync://atlantis/gentoo-portage" USE="X aac bash-completion berkdb bitmap-fonts bzip2 cgi cli cpudetection cracklib crypt curl dbus doc dri fastcgi fftw flac fontconfig fortran gdbm glitz gnutls gpm gtk hal hddtemp iconv isdnlog jack jack-tmpfs jpeg libg++ libnotify lm_sensors mad midi mmx modplug mp3 mpi musepack ncurses netjack nls nptl nptlonly numeric offensive ogg pam pango pcre perl php plugins png ppds pppd pulseaudio python readline reflection samba sensord server session sndfile spl sse ssl svg tcpd timidity truetype truetype-fonts type1-fonts unicode vorbis wavpack wma x86 xml xorg xpm zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_GB" USERLAND="GNU" VIDEO_CARDS="mach64 vga vesa" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS corsair@gentoo.org 2007-04-15 19:08:41 0000 ppc64 stable ticho@gentoo.org 2007-04-15 19:14:08 0000 x86 done welp@gentoo.org 2007-04-15 20:17:08 0000 amd64 stable armin76@gentoo.org 2007-04-16 09:59:38 0000 ia64 stable gustavoz@gentoo.org 2007-04-16 13:19:23 0000 sparc stable. lars@chaotika.org 2007-04-17 08:46:38 0000 *** Bug 174879 has been marked as a duplicate of this bug. *** yoswink@gentoo.org 2007-04-17 11:24:15 0000 alpha stable yoswink@gentoo.org 2007-04-17 11:25:48 0000 Ouch, forgot to take alpha out in the CC list. :( sorry wolf31o2@gentoo.org 2007-04-18 15:15:41 0000 ppc done jaervosz@gentoo.org 2007-04-18 15:30:54 0000 This one is ready for GLSA vote. I vote YES. bangert@gentoo.org 2007-04-23 14:17:54 0000 mips and arm? thanks! :) security: SUSE and rPath have published announcements AFAICT. dragonheart@gentoo.org 2007-04-30 08:38:09 0000 voting yes too. falco@gentoo.org 2007-05-07 21:50:23 0000 GLSA 200705-07 is out, thanks to everybody