Hello,

This kludgy ebuild hardcodes its own version of sys-libs/db, apparently unnecessarily. Anyway, the problem is that it installs an unpatched 3.2.9 version of db (see files folder of sys-libs/db for patches) and I am not sure whether this presents a security issue or not. For example, from patch.3.2.9.1:

+ case DB_LV_NONEXISTENT: + /* Should never happen. */ + DB_ASSERT(0); + break;

I just committed a dsniff-2.3-r6.ebuild that fixes the db issue. Please let me know if this is a real issue or not.
taviso/tigger/solar/vapier please advise.
err, dsniff-2.3-r6 already fixes this:

09 Sep 2005; Marcelo Goes <vanquirius@gentoo.org> +dsniff-2.3-r6.ebuild: Made ebuild DEPEND on ~sys-libs/db-3.2.9 instead of building its own copy.
I am just unaware whether db had any pre-GLSA security issues.
oh right duh, Marcelo reported this bug :) considering I don't think we've seen any security reports against sys-libs/db, I say we just mark this as a WORKSFORME:THANKSMARCELO
THANKSMARCELO
LOL :-) Cheers