Summary: | net-www/bugport: undisclosed security-related bug fix in 1.134 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | jmglov, marc.vila, pYrania, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://www.incogen.com/index.php?type=General¶m=bugport | ||
Whiteboard: | ~? [] vorlon | ||
Package list: | Runtime testing required: | --- |
Description
Matthias Geerdsen (RETIRED)
2004-10-05 02:21:05 UTC
xforce advisory @ http://xforce.iss.net/xforce/xfdb/17587 web-apps, haven't heard anything of jmglov, could one of you please look into this and bump the ebuild changed to ebuild+ since this bug is open for four days without any reaction now wep-apps/jmglov, pls bump the ebuild I've started looking at it. bugport-1.135 doesn't seem to work out of the box, which isn't helping matters. Best regards, Stu 1.136 seems to be out now too any progress on the new ebuild? _____ The vulnerability seems to be somewhere in the handling of attached files. http://securitytracker.com/alerts/2004/Oct/1011543.html http://www.osvdb.org/10482 This version doesn't work out of the box either. If no-one complains, I'm happy to mask this package. Best regards, Stu hard-masked in portage. Markus: any success in your webapp-config learning ? Please let us know if you still want to handle this package, for example by putting yourself in the metadata.xml file :) Alright, enough testing. Submitted the newest version, removed the old one and the package mask. I also added a metadata stating me as maintainer. err, security bug. Close after GLSA is send out. ~arch masked, so no need for GLSA thanks for taking this Markus no GLSA needed, metadata.xml uptodate and vulnerable version removed -> closing |