Summary: | <app-misc/screenie-1.30.0-r1 symlink attack (CVE-2008-5371) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | stupendoussteve |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | maintainer-needed |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5371 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 235770 |
Description
stupendoussteve
2008-12-10 04:59:00 UTC
I asked Marc, if he is getting this fixed, and he replied: Sorry Craig, I do not have time to make changes on my OSS projects anymore, therefore I released the tool as OSS. thanks Marc Debian has a patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509332#10 Ali, can you have a look at this? Arches, please test and mark stable: =app-misc/screenie-1.30.0-r1 Target keywords : "amd64 hppa ia64 sparc x86" +*screenie-1.30.0-r1 (08 Jun 2009) + + 08 Jun 2009; Alex Legler <a3li@gentoo.org> +screenie-1.30.0-r1.ebuild, + +files/screenie-CVE-2008-5371.patch: + Non-maintainer commit: Applying patch for CVE-2008-5371, bug 250476. + Sparc stable. x86 stable Stable for HPPA. ia64 stable amd64 stable, all arches done. Vulnerable version removed. GLSA voting, please. As the Debian Symlink vulnerabilities usually got a GLSA, I vote YES. Yes, too. Request filed. GLSA 200909-09 |