61797 2004-08-26 05:50 0000 app-arch/star suid root vulnerability 2006-05-30 02:42:12 0000 1 1 1 Unclassified Gentoo Linux Security unspecified All All RESOLVED FIXED https://lists.berlios.de/pipermail/star-users/2004-August/000239.html C1 [glsa] jaervosz P2 normal --- 1 wschlich@gentoo.org security@gentoo.org lostlogic@gentoo.org wschlich@gentoo.org 2004-08-26 05:50:49 0000 --8<-- A problem exists for all star versions that did support to use ssh for remote tape access. The problem is present in star-1.5a09 ... star-1.5a45 Please upgrade to star-1.5a46 --8<-- The latest version available in portage is app-arch/star-1.5_alpha43. It should be noted that star currently is not SUID by default. jaervosz@gentoo.org 2004-08-26 06:46:42 0000 lostlogic you bumped last time please bump to latest version. Currently no more info on the issue. jaervosz@gentoo.org 2004-08-28 15:31:13 0000 Bump compiles fine. solar@gentoo.org 2004-08-31 01:31:03 0000 ebuild bumped to star-1.5_alpha46 (Runtime needs testing) jaervosz@gentoo.org 2004-08-31 01:43:42 0000 Arches please test and mark stable. gustavoz@gentoo.org 2004-08-31 05:43:10 0000 Sparc tasty. kloeri@gentoo.org 2004-08-31 16:24:56 0000 Stable on alpha. sejo@gentoo.org 2004-09-01 13:48:55 0000 tested and stable on ppc greetings koon@gentoo.org 2004-09-02 01:00:17 0000 Reassigning Product/Component as this is not a GLSA error, it's a security bug. lv@gentoo.org 2004-09-02 01:54:58 0000 stable on amd64 jaervosz@gentoo.org 2004-09-05 03:20:06 0000 Local priv escalation. x86 please mark stable plasmaroo@gentoo.org 2004-09-06 11:03:01 0000 Stable on IA64. tester@gentoo.org 2004-09-07 13:57:09 0000 stable on x86 koon@gentoo.org 2004-09-07 14:00:53 0000 GLSA-ready vapier@gentoo.org 2004-09-07 21:36:06 0000 hppa stable now koon@gentoo.org 2004-09-08 00:54:35 0000 GLSA 200409-11 solar@gentoo.org 2006-05-29 17:23:56 0000 The GLSA sent our for this bug has an error <unaffected range="ge">star-1.5_alpha46</unaffected> <vulnerable range="lt">star-1.5_alpha46</vulnerable> Should read: <unaffected range="ge">1.5_alpha46</unaffected> <vulnerable range="lt">1.5_alpha46</vulnerable> Ref: http://www.gentoo.org/security/en/glsa/glsa-200409-11.xml?passthru=1 dercorny@gentoo.org 2006-05-30 02:42:12 0000 Thanks Kugelfang/solar. Should be fixed in the tree.