Bug 112213 - www-client/lynx: arbitrary command execution via lynxcgi (CVE-2005-2929)
Bug#: 112213 (CVE-2005-2929)
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: major
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: taviso@gentoo.org
Component: Vulnerabilities
URL: http://marc.theaimsgroup.com/?l=full-disclosure&m=113172754719215&w=2
Status Whiteboard: A2 [stable]
Opened: 2005-11-11 11:48 0000
Description:
dmwaters, please bump to 2.8.6dev.15 asap.

------- Comment #1 From solar 2005-11-11 22:09:30 0000 -------
Created an attachment (id=72720)
lynx-2.8.6_pre15.ebuild

Here are the changes I had to make in my local tree for this bug.

------- Comment #2 From Fabian Groffen 2005-11-12 12:44:50 0000 -------
Adding ppc-macos to check the patch. ppc-macos keyword is dropped in the
patch.

------- Comment #3 From Fabian Groffen 2005-11-12 13:51:04 0000 -------
Created an attachment (id=72774)
ppc-macos changes

Applying the above patch to the lynx-2.8.6_pre15.ebuild file cleans up the
darwin/osx mess. This new version seems to compile and work fine for ppc-macos
without additional tweaks. I tested, and hence added back the ~ppc-macos
keyword.

------- Comment #4 From Seemant Kulleen (RETIRED) 2005-11-12 17:46:26 0000 -------
arch teams -- please test lynx-2.8.5-r2 and mark stable

------- Comment #5 From Seemant Kulleen (RETIRED) 2005-11-12 17:47:10 0000 -------
Fabian -- please make sure ppc-macos is ok with 2.8.5-r2 as well

------- Comment #6 From solar 2005-11-12 18:23:29 0000 -------
Silly seemant, you asked for arch testing but forgot to ~arch the keywords.
I reverted those for you and the arches right quick. I also tested on x86 and it
looks pretty good so I left it in stable.

------- Comment #7 From Brent Baude 2005-11-12 18:45:35 0000 -------
ppc64 stable

------- Comment #8 From Jason Wever (RETIRED) 2005-11-12 18:49:24 0000 -------
Stable on SPARC

------- Comment #9 From Homer Parker 2005-11-12 19:13:30 0000 -------
amd64 done

------- Comment #10 From Fabian Groffen 2005-11-13 02:26:14 0000 -------
(In reply to comment #5)
> Fabian -- please make sure ppc-macos is ok with 2.8.5-r2 as well

At your service!

Marked 2.8.5-r2 stable and made the darwin patch unconditional (getting rid of the
conditional in the ebuild).

------- Comment #11 From Fernando J. Pereda (RETIRED) 2005-11-13 03:47:40 0000 -------
Alpha happy

------- Comment #12 From Michael Hanselmann (hansmi) (RETIRED) 2005-11-13 03:55:21 0000 -------
Stable on ppc, hppa.

------- Comment #13 From Thierry Carrez (RETIRED) 2005-11-13 09:24:15 0000 -------
GLSA 200511-09
arm, ia64, mips, s390 should mark stable to benefit from GLSA

------- Comment #14 From Seemant Kulleen (RETIRED) 2005-11-15 11:40:45 0000 -------
ia64 and mips, please do mark stable

------- Comment #15 From Hardave Riar (RETIRED) 2005-11-20 01:42:18 0000 -------
Stable on mips.