Bug#: 84704
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>


Description:   Opened: 2005-03-09 22:47 0000
More info on Sourceforge:

http://sourceforge.net/tracker/index.php?func=detail&aid=834724&group_id=3714&atid=103714
https://sourceforge.net/tracker/index.php?func=detail&aid=1160134&group_id=3714&atid=303714

------- Comment #1 From Tony Vroon 2005-03-12 08:49:27 0000 -------
We do not have the mentioned vulnerable 3.1.2 version in our tree anymore.

------- Comment #2 From Luke Macken (RETIRED) 2005-03-12 10:25:00 0000 -------
Someone responded to the bug and confirmed this in 3.2.0 as well.

CC'ing sound since this is their baby.

------- Comment #3 From Jan Brinkmann (RETIRED) 2005-03-12 17:05:42 0000 -------
A 3.3.0 ebuild and the patch from SourceForge are now in the tree.

------- Comment #4 From Luke Macken (RETIRED) 2005-03-12 18:31:28 0000 -------
The added patch was not confirmed by upstream, and is not included in their
latest release 3.3.0.  Although this vulnerability is highly unlikely to cause
any trouble, the patch looks harmless to me, so I have no objection to keeping
it in the tree.

Security/Audit Team, opinions?

------- Comment #5 From Thierry Carrez (RETIRED) 2005-03-14 01:35:32 0000 -------
Looks alright to me...
Arches, please test and mark grip-3.3.0 stable

------- Comment #6 From Markus Rothe 2005-03-14 08:40:37 0000 -------
stable on ppc64

------- Comment #7 From Michael Hanselmann (hansmi) (RETIRED) 2005-03-14 10:13:19 0000 -------
Stable on ppc.

------- Comment #8 From Gustavo Zacarias (RETIRED) 2005-03-14 11:38:03 0000 -------
sparc stable.

------- Comment #9 From Jan Brinkmann (RETIRED) 2005-03-14 11:52:29 0000 -------
stable on amd64 and x86

------- Comment #10 From Bryan Østergaard (RETIRED) 2005-03-17 00:16:45 0000 -------
Stable on alpha.

------- Comment #11 From Luke Macken (RETIRED) 2005-03-17 09:47:05 0000 -------
GLSA 200503-21

------- Comment #12 From Jan Brinkmann (RETIRED) 2005-03-17 11:04:53 0000 -------
What about the vulnerable versions in the tree, 3.2.0 and 3.2.0-r1? Shouldn't
somebody remove them?

------- Comment #13 From Chris White (RETIRED) 2005-03-17 16:20:13 0000 -------
Vulnerable versions are removed.

------- Comment #14 From Andy Wang 2005-05-04 21:47:32 0000 -------
Is it really appropriate to replace Grip 3.2.0 (the officially released
version) with Grip 3.3.0 (an unstable development version)?  Shouldn't the
proper route have been to backport the patch to 3.2.0?

------- Comment #15 From Andy Wang 2005-05-04 22:02:42 0000 -------
FYI, the patch (3.3.0-crashfix.patch) applies directly to 3.2.0 and solves the
problem.
