Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 153497
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Matt Drew <aetius@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 153497 depends on: Show dependency tree
Bug 153497 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-10-30 17:10 0000 
This apparently is a rehash of bug #69985 - the fix was apparently not
complete.  The new CVE is 2006-5467:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467

------- Comment #1 From Matthias Geerdsen 2006-11-06 03:17:32 0000 ------- 
http://www.ruby-lang.org/en/news/2006/11/03/CVE-2006-5467/

ruby herd, pls provide an ebuild with the patch

------- Comment #2 From Diego E. 'Flameeyes' Pettenò 2006-11-07 07:43:59 0000 ------- 
1.8.5-r3 in portage, have a nice day.

------- Comment #3 From Matthias Geerdsen 2006-11-07 08:31:47 0000 ------- 
arches, please test ruby-1.8.5-r3 and mark stable if possible

------- Comment #4 From Ferris McCormick 2006-11-07 10:54:40 0000 ------- 
sparc is stable, but I'm leaving it in the CC list because of also ~sparc-fbsd,
which I cannot test.

------- Comment #5 From Gustavo Zacarias (RETIRED) 2006-11-07 10:57:40 0000 ------- 
No need for that since sparc-fbsd hasn't got any stable yet.

------- Comment #6 From Ferris McCormick 2006-11-07 11:17:54 0000 ------- 
Thanks for that information.

------- Comment #7 From Markus Meier 2006-11-07 11:21:59 0000 ------- 
dev-lang/ruby-1.8.5-r3  USE="ipv6 threads -cjk -debug -doc -examples -socks5
-tk"
1. emerges on x86, please note: dodoc: MANIFEST does not exist
2. passes collision test
3. fails test suite:
  1) Failure:
test_endblockwarn(TestBeginEndBlock) [./ruby/test_beginendblock.rb:54]:
<"endblockwarn.rb:2: warning: END in method; use at_exit\n(eval):2: warning:
END in method; use at_exit\n"> expected but was
<"/var/tmp/portage/ruby-1.8.5-r3/temp/TestBeginEndBlock.19074.0:6: warning:
Insecure world writable dir /var/tmp, mode 041777\nendblockwarn.rb:2: warning:
END in method; use at_exit\n(eval):2: warning: END in method; use at_exit\n">.

please note, if it isn't an update, a new emerge of ruby a lot of tests fail:
1575 tests, 15553 assertions, 3 failures, 50 errors
is this expected?

4. subversion with USE="ruby" emerges with it

Portage 2.1.1-r1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4,
2.6.18.1 i686)
=================================================================
System uname: 2.6.18.1 i686 Genuine Intel(R) CPU           T2300  @ 1.66GHz
Gentoo Base System version 1.12.6
Last Sync: Tue, 07 Nov 2006 17:50:01 +0000
ccache version 2.3 [disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="autoconfig collision-protect distlocks metadata-transfer
parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LINGUAS="en de en_GB de_CH"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 X a52 aac acpi alsa apache2 asf berkdb bitmap-fonts cairo cdr cdrom
cli cracklib crypt cups dbus divx dlloader dri dts dvd dvdr dvdread eds
elibc_glibc emboss encode fam ffmpeg firefox flac fortran gdbm gif gnome gpm
gstreamer gtk hal iconv input_devices_keyboard input_devices_mouse ipv6 isdnlog
java jpeg kde kernel_linux ldap libg++ linguas_de linguas_de_CH linguas_en
linguas_en_GB mad mikmod mmx mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl
oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection
rtsp samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd test tetex
theora threads truetype truetype-fonts type1-fonts udev unicode userland_GNU
vcd video_cards_fbdev video_cards_i810 video_cards_vesa vorbis win32codecs
wxwindows x264 xine xml xorg xprint xv xvid zlib"
Unset:  CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS,
PORTDIR_OVERLAY

------- Comment #8 From Alexander Færøy 2006-11-07 14:13:43 0000 ------- 
Stable on alpha.

------- Comment #9 From Joshua Jackson 2006-11-07 21:30:32 0000 ------- 
x86 is stable, guess I should be going yay to something I use using
this..actively.

------- Comment #10 From Tobias Scherbaum 2006-11-07 23:45:11 0000 ------- 
ppc stable

------- Comment #11 From Danny van Dyk (RETIRED) 2006-11-08 11:22:38 0000 ------- 
Tests show 7 failures in 1.8.5-r3 on amd64, but latest stable (1.8.5) has the
very same failures. No regression, no reason to not mark stable.
=> amd64 love applied.

Flameeyes: Those test failures seem to be installation dependent, as it tries
to
a) access ruby in $ROOT, and not under the work directory,
b) complain about the work directory be insecure due to permissions.

Poke me if you want a bugreport for it.

------- Comment #12 From René Nussbaumer 2006-11-13 12:10:16 0000 ------- 
stable on hppa

------- Comment #13 From Markus Rothe 2006-11-15 05:01:02 0000 ------- 
ppc64 stable

------- Comment #14 From Matthias Geerdsen 2006-11-15 13:17:59 0000 ------- 
lets have a GLSA for this one even though B3 would call for a vote, but there
is a draft already

------- Comment #15 From Sune Kloppenborg Jeppesen 2006-11-20 11:55:13 0000 ------- 
Thx everyone.

GLSA 200611-12
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug