| Summary: | app-i18n/uim has privilege escalation vulnerability |
|---|---|
| Product: | Gentoo Security |
| Reporter: | Mamoru KOMACHI (RETIRED) <usata> |
| Component: | Vulnerabilities |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED |
| Severity: | normal |
| Priority: | High |
| Version: | unspecified |
| Hardware: | All |
| OS: | All |
| URL: | http://lists.freedesktop.org/archives/uim/2005-February/000996.html |
| Whiteboard: | B2? [glsa] |
| Package list: | |
| Runtime testing required: | --- |

Description
Mamoru KOMACHI (RETIRED)
2005-02-20 06:31:10 UTC

usata, are there any setuid/setgid applications in the tree, which are linked against libuim? Otherwise we shouldn't be vulnerable... or am I overlooking something here? Anyways... accepting bug.

arches, pls test and mark stable...
uim-0.4.5.1.ebuild:
current KEYWORDS="x86 ~alpha ~ppc ~amd64 ~ppc64 ~sparc"
target KEYWORDS="x86 alpha ppc amd64 ppc64 sparc"

vorlon: I just checked my Gentoo desktop, and found mlterm (USE="uim") is linked against libuim. It is setgid to utmp.

stable on ppc64

hppa team: please add ~hppa keyword to uim-0.4.6_beta2.ebuild as I removed uim-0.4.5-r1. (it was a snapshot from SVN repository)

sparc stable.

*** Bug 83165 has been marked as a duplicate of this bug. ***

stable on ppc

This is CAN-2005-0503

amd64 done

Stable on alpha.

seems ready for GLSA, security pls review

removing hppa, cause it has been marked stable without notice

no entry in Changelog! but cvs log gives:
revision 1.4
date: 2005/02/24 05:48:29; author: vapier; state: Exp; lines: +9 -10
hppa KEYWORDS for mr bones and misc cleanup

Thx everyone. GLSA 200502-31

Already stable on hppa
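
The exposure question raised in the thread above (which setuid/setgid programs are linked against libuim) can be checked on an installed system. The following is an added example, not part of the original bug report or of Gentoo's tooling: the function names and the `libuim.so` soname prefix are assumptions. It reads each file's ELF dynamic section directly rather than running `ldd`, so no audited binary is executed.

```python
import os, stat, struct

SHT_DYNAMIC, DT_NULL, DT_NEEDED = 6, 0, 1

def needed_libs(path):
    """DT_NEEDED entries of an ELF file, read statically (the file is never run)."""
    try:
        with open(path, "rb") as f:
            d = f.read()
        if d[:4] != b"\x7fELF" or d[4] not in (1, 2) or d[5] not in (1, 2):
            return []
        e = "<" if d[5] == 1 else ">"                  # EI_DATA: byte order
        if d[4] == 2:                                   # EI_CLASS: ELF64
            shoff, = struct.unpack_from(e + "Q", d, 0x28)
            entsize, num = struct.unpack_from(e + "HH", d, 0x3A)
            sh_fmt, dyn_fmt = e + "IIQQQQIIQQ", e + "qQ"
        else:                                           # ELF32
            shoff, = struct.unpack_from(e + "I", d, 0x20)
            entsize, num = struct.unpack_from(e + "HH", d, 0x2E)
            sh_fmt, dyn_fmt = e + "10I", e + "iI"
        secs = [struct.unpack_from(sh_fmt, d, shoff + i * entsize) for i in range(num)]
        libs = []
        for sec in secs:
            if sec[1] != SHT_DYNAMIC:
                continue
            strtab = secs[sec[6]][4]                    # sh_link -> string table offset
            for off in range(sec[4], sec[4] + sec[5], struct.calcsize(dyn_fmt)):
                tag, val = struct.unpack_from(dyn_fmt, d, off)
                if tag == DT_NULL:
                    break
                if tag == DT_NEEDED:
                    s = strtab + val
                    libs.append(d[s:d.index(b"\0", s)].decode("latin-1"))
        return libs
    except (OSError, struct.error, IndexError, ValueError):
        return []                                       # unreadable or malformed file

def privileged_users_of(lib_prefix, roots):
    """(path, is_setuid, is_setgid) for setuid/setgid files directly needing lib_prefix*."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    mode = os.lstat(path).st_mode
                except OSError:
                    continue
                if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                    if any(l.startswith(lib_prefix) for l in needed_libs(path)):
                        hits.append((path, bool(mode & stat.S_ISUID), bool(mode & stat.S_ISGID)))
    return hits
```

A call such as `privileged_users_of("libuim.so", ["/usr/bin", "/usr/sbin"])` lists candidates; it sees only direct `DT_NEEDED` dependencies, so libraries pulled in transitively or loaded as plugins at run time need a separate check.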