| Summary: | media-libs/id3lib 3.x Insecure Temporary File Privilege Escalation (CVE-2007-4460) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Matt Fleming (RETIRED) <mjf> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | sound |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/26536/ | | |
| Whiteboard: | B3? [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Matt Fleming (RETIRED)
2007-08-20 15:50:51 UTC
CC'ing maintainer and setting whiteboard status.

upstream is not available anymore, so I'm accepting patches.

(In reply to comment #2)
> upstream is not available anymore, so I'm accepting patches.
>

Ignore this. Fixed in id3lib-3.8.3-r6.

Arches please test and mark stable. Target keywords are:

id3lib-3.8.3-r6.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86 ~x86-fbsd"

@drac, I'm not familiar with id3lib but could you elaborate on the reported privilege escalation to root privileges?

(In reply to comment #4)
> @drac, I'm not familiar with id3lib but could you elaborate on the reported
> privilege escalation to root privileges?

See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438540 for reference.

Rerating:

[21:26] <jaervosz> drac: thx for the reference but I still fail to see why you should gain root privs by that?

[21:27] <drac> jaervosz: users perhaps, but not roots for sure..

[21:28] <drac> jaervosz: perhaps as in dunno how one could manage even that.

[21:28] <jaervosz> drac: thx, wasn't sure whether secunia just messed up something or I was overlooking something very trivial

Stable for HPPA.

sparc stable.

amd64 stable

ppc stable

x86 stable

alpha/ia64 stable

ppc64 stable

ready for glsa decision. I tend to vote YES.

I vote YES too.

mips stable.

ok, let's have a glsa on this one.

GLSA 200709-08 thanks everyone