CVE-2008-4976 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4976): ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/ogle_audio.#####, (b) /tmp/ogle_cli.#####, (c) /tmp/ogle_ctrl.#####, (d) /tmp/ogle_gui.#####, (e) /tmp/ogle_mpeg_ps.#####, (f) /tmp/ogle_mpeg_vs.#####, (g) /tmp/ogle_nav.#####, and (h) /tmp/ogle_vout.#####, temporary files, related to the (1) ogle_audio_debug, (2) ogle_cli_debug, (3) ogle_ctrl_debug, (4) ogle_gui_debug, (5) ogle_mpeg_ps_debug, (6) ogle_mpeg_vs_debug, (7) ogle_nav_debug, and (8) ogle_vout_debug scripts.
DEBIAN: http://bugs.debian.org/496425
DEBIAN: http://bugs.debian.org/496420
FILES: ogle_audio_debug, ogle_cli_debug, ogle_ctrl_debug, ogle_gui_debug, ogle_mpeg_ps_debug, ogle_mpeg_vs_debug, ogle_nav_debug, ogle_vout_debug
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/ogle
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/ogle-mmx
NOTE: This only affects debugging scripts not present in standard path

I checked it: our in-tree version 0.9.2-r1 is vulnerable.
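
The class of bug reported above, as an added example that is not part of the original thread and not ogle's own code: a predictable temp-file name next to a `mktemp` replacement, plus a grep that flags the pattern in a script. It assumes the `#####` in the advisory's paths is the shell PID (`$$`); the function names and script bodies are constructed, and the demonstration runs in a private sandbox directory rather than the real /tmp.

```shell
#!/bin/sh
# Vulnerable pattern (assumed): fixed prefix + PID in a shared directory.
# ">" follows a symlink that another local user created at that name.
write_predictable() {   # $1 = directory, $2 = prefix
    f="$1/$2.$$"
    echo "debug commands" > "$f"
}

# Hardened pattern: mktemp creates the file exclusively, with an
# unpredictable name and mode 0600, so a pre-planted link is never followed.
write_mktemp() {        # $1 = directory, $2 = prefix
    f=$(mktemp "$1/$2.XXXXXXXXXX") || return 1
    echo "debug commands" > "$f"
    printf '%s\n' "$f"
}

# Audit helper: print lines of a script that build a /tmp path from $$.
find_pid_tmp_names() {  # $1 = script file
    grep -n '/tmp/[A-Za-z0-9_.-]*\$\$' "$1"
}

# Constructed demonstration; sets after_predictable and after_mktemp.
demo() {
    sandbox=$(mktemp -d) || return 1
    echo "important data" > "$sandbox/victim"
    # Stands in for a link planted by a local user who guessed the name.
    ln -s "$sandbox/victim" "$sandbox/ogle_audio.$$"

    write_predictable "$sandbox" ogle_audio
    after_predictable=$(cat "$sandbox/victim")

    echo "important data" > "$sandbox/victim"
    tmpfile=$(write_mktemp "$sandbox" ogle_audio)
    after_mktemp=$(cat "$sandbox/victim")

    printf 'predictable name: victim now holds "%s"\n' "$after_predictable"
    printf 'mktemp name:      victim now holds "%s"\n' "$after_mktemp"
    rm -rf "$sandbox"
}

demo
```
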
media-video: *ping*
Arches, please test and mark stable:
=media-video/ogle-0.9.2-r2
Target keywords : "alpha amd64 ia64 ppc sparc x86"
Stable on alpha.
ppc done
ia64/sparc/x86 stable
amd64 stable. Vulnerable version removed. Ready for voting, I say NO.
This is only in debug scripts, so I'd vote NO as well.