112577 – dev-lang/gauche-0.8.6 appears to contain insecure RUNPATHs

Bug 112577 - dev-lang/gauche-0.8.6 appears to contain insecure RUNPATHs

Summary: dev-lang/gauche-0.8.6 appears to contain insecure RUNPATHs

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3? [glsa]
Keywords:

Depends on:
Blocks:	81745
	Show dependency tree

Reported:	2005-11-14 20:45 UTC by Jason Wever (RETIRED)
Modified:	2006-03-23 19:53 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
gauche-runpath.diff (gauche-runpath.diff,509 bytes, patch) 2005-11-15 00:59 UTC, Akinori Hattori	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jason Wever (RETIRED) gentoo-dev

2005-11-14 20:45:12 UTC

Portage fails to emerge dev-lang/gauche-0.8.6 with the following error;

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/gauche-0.8.6/work/Gauche-0.8.6/src
usr/lib/gauche/0.8.6/sparc-unknown-linux-gnu/gauche-config
/var/tmp/portage/gauche-0.8.6/work/Gauche-0.8.6/src usr/bin/gauche-config

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-11-14 22:42:56 UTC

hattya please advise.

Comment 2 Akinori Hattori gentoo-dev

2005-11-15 00:59:45 UTC

Created attachment 72933 [details, diff]
gauche-runpath.diff

Does this patch fix this problem ?

Comment 3 Jason Wever (RETIRED) gentoo-dev

2005-11-15 18:07:11 UTC

Yup, the patch works here.

Comment 4 Akinori Hattori gentoo-dev

2005-11-16 02:46:32 UTC

OK, in CVS.

Comment 5 Thierry Carrez (RETIRED) gentoo-dev

2005-11-16 04:42:47 UTC

hattya/weeve: Is it new to 0.8.6 or are previous versions also affected ?

Comment 6 Jason Wever (RETIRED) gentoo-dev

2005-11-16 05:11:57 UTC

0.8.5 appears to be affected as well but 0.8.3 appears to be clean.

Comment 7 Thierry Carrez (RETIRED) gentoo-dev

2005-11-16 05:37:44 UTC

OK so we should probably mark 0.8.6-r1 stable. Ccing x86 and ia64 arch teams.

Comment 8 Chris Gianelloni (RETIRED) gentoo-dev

2005-11-16 06:22:26 UTC

Guess I could have added a comment, huh?

Stable on x86...

Comment 9 Thierry Carrez (RETIRED) gentoo-dev

2005-11-16 07:26:32 UTC

One more RUNPATH thing piled up, will send GLSA when we'll have at least 3 of them.

Comment 10 Thierry Carrez (RETIRED) gentoo-dev

2005-12-14 03:54:16 UTC

Common GLSA with bug 105380

Comment 11 Thierry Carrez (RETIRED) gentoo-dev

2005-12-15 04:22:26 UTC

GLSA 200512-07
ia64 should mark stable to benefit from GLSA