Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 85766 - sys-devel/gettext: tempfile vuln back in 1.4.1
Summary: sys-devel/gettext: tempfile vuln back in 1.4.1
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-03-18 05:32 UTC by Luke Macken (RETIRED)
Modified: 2005-04-22 05:15 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Luke Macken (RETIRED) gentoo-dev 2005-03-18 05:32:07 UTC
gettext-0.14.2/NEWS:

* Security fixes.
Comment 1 Luke Macken (RETIRED) gentoo-dev 2005-03-18 05:34:34 UTC
base-system, please advise.
Comment 2 Luke Macken (RETIRED) gentoo-dev 2005-03-18 06:04:39 UTC
Hmm.. this could very well be a dupe of Bug #66355.
Comment 3 SpanKY gentoo-dev 2005-03-18 06:16:56 UTC
yes, i do believe it is, but now that we have gettext-0.14.1 unmasked, we need to consider this again

i think this is my fault ... the original reason for masking 0.14.1 was due to Bug  66449 and once i resolved that, i unmasked it again, having forgotten about Bug 66355

i need to touch up 0.14.2 a bit before we can consider it for stable (bogues `make check` failures)
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-03-25 05:36:21 UTC
vapier: any progress ?
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-04-15 23:07:38 UTC
Ok, trying the other one. SpanKY any progress on this one?
Comment 6 SpanKY gentoo-dev 2005-04-19 21:34:51 UTC
0.14.1-r1 with patch from Bug 66355 and KEYWORDS have been carried forward from 0.14.1 unchanged so we dont need to bother arch maintainers ...
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-04-19 21:59:48 UTC
Thx SpanKY

This one is ready for GLSA, perhaps as an update to GLSA 200410-10?
Comment 8 SpanKY gentoo-dev 2005-04-19 22:13:21 UTC
i think an update would be best
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-04-21 00:47:19 UTC
If I understand correctly:

Currently the 200410-10 GLSA says :
Vulnerable:  <0.12.1-r2
Unaffected: >=0.12.1-r2

and we need to upgrade that GLSA to:
Vulnerable:   <0.14.1-r1
Unaffected:  >=0.14.1-r1
Unaffected: *>=0.12.1-r2
Comment 10 SpanKY gentoo-dev 2005-04-21 05:48:20 UTC
sounds about right
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-04-22 05:15:35 UTC
Fixed with GLSA 200410-10 Update