Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 212145
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 212145 depends on: Show dependency tree
Bug 212145 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-03-03 01:32 0000 
CVE-2008-0777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0777):
  The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access
  flags of the file descriptor used for sending a file, which allows local
  users to read the contents of write-only files.

------- Comment #1 From Robert Buchholz 2008-03-03 01:33:27 0000 ------- 
BSD herd, please act.

This is the third security bug that is now open, and the others are not moving
at all. Are you maintaining the Gentoo BSD port, or can/should this be
p.masked?

------- Comment #2 From Pierre-Yves Rofes 2008-05-09 14:26:41 0000 ------- 
(In reply to comment #1)
> BSD herd, please act.
> 
> This is the third security bug that is now open, and the others are not moving
> at all. Are you maintaining the Gentoo BSD port, or can/should this be
> p.masked?
> 

*ping*

------- Comment #3 From Alexis Ballier 2008-05-17 19:55:28 0000 ------- 
6.2-r4 has the patch

------- Comment #4 From Pierre-Yves Rofes 2008-05-17 20:37:37 0000 ------- 
thanks, closing.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug