Hi all, as described in bug #377929, minitube-1.5 suffers from an insecure temporary file vulnerability which could lead to a DoS attack. The bug has been fixed in minitube-1.6, which is now in portage. I strongly suggest performing a 0-day stabilization on this version. If you agree, please CC arches.
Just to clarify, 1.5-r1 has a temporary (badly coded but still better than nothing) fix which was rejected by upstream.
Thanks Markos. Arches, please test and mark stable: =media-video/minitube-1.6 target KEYWORDS : "amd64 x86"
amd64: pass NB: fails with linguas fr, ar... can those be disabled on the fly or fixed ?
> NB: fails with linguas fr, ar... can those be disabled on the fly or fixed ?
ar works, my bad... fr doesn't
amd64 ok
amd64: pass
amd64 : Ok
+ 01 Nov 2011; Tony Vroon <chainsaw@gentoo.org> minitube-1.6.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo, + Elijah "Armageddon" El Lazkani & Tomáš "Mepho" Pružina in security bug + #388867.
x86 stable
Thanks, folks. GLSA vote: yes.
Vote: yes. Created new GLSA request.
This issue was resolved and addressed in GLSA 201203-18 at http://security.gentoo.org/glsa/glsa-201203-18.xml by GLSA coordinator Sean Amoss (ackle).