Summary: | <media-video/ogle-0.9.2-r2 symlink attack (CVE-2008-4976) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | media-video |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.debian.org/496425 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 235770 |
Description
Stefan Behte (RETIRED)
2008-11-07 02:23:36 UTC
DEBIAN: http://bugs.debian.org/496425 DEBIAN: http://bugs.debian.org/496420 FILES: ogle_audio_debug, ogle_cli_debug, ogle_ctrl_debug, ogle_gui_debug, ogle_mpeg_ps_debug, ogle_mpeg_vs_debug, ogle_nav_debug, ogle_vout_debug CODE: http://dev.gentoo.org/~rbu/security/debiantemp/ogle CODE: http://dev.gentoo.org/~rbu/security/debiantemp/ogle-mmx NOTE: This only affects debugging scripts not present in standard path I checked it: our in-tree version 0.9.2-r1 is vulnerable. media-video: *ping* Arches, please test and mark stable: =media-video/ogle-0.9.2-r2 Target keywords : "alpha amd64 ia64 ppc sparc x86" Stable on alpha. ppc done ia64/sparc/x86 stable amd64 stable. Vulnerable version removed. Ready for voting, I say NO. this is only in debug scripts, so i'd vote NO as well. |