140533 – dev-libs/openssl, net-misc/openssh, net-misc/rsync, sys-apps/shadow, sys-devel/flex - security cleanup needed

Bug 140533 - dev-libs/openssl, net-misc/openssh, net-misc/rsync, sys-apps/shadow, sys-devel/flex - security cleanup needed

Summary: dev-libs/openssl, net-misc/openssh, net-misc/rsync, sys-apps/shadow, sys-deve...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Gentoo's Team for Core System packages

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-07-15 11:38 UTC by Jakub Moc (RETIRED)
Modified:	2006-09-04 00:29 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jakub Moc (RETIRED) gentoo-dev

2006-07-15 11:38:53 UTC

dev-libs/openssl-0.9.6m: vulnerable via glsa(200510-11) ( ver < 0.9.7h && not ( ver = 0.9.7g && ver-rev => 0.9.7g-r1 ) && not ( ver = 0.9.7e && ver-rev => 0.9.7e-r2 ) ), affects ('alpha', 'hppa', 'mips', 'ppc', 'sparc', 'x86')
dev-libs/openssl-0.9.6m: vulnerable via glsa(200411-15) ( ver-rev < 0.9.7d-r2 ), affects ('alpha', 'hppa', 'mips', 'ppc', 'sparc', 'x86')

net-misc/openssh-3.9_p1-r3: vulnerable via glsa(200602-11) ( ver-rev < 4.2_p1-r1 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
net-misc/openssh-4.0_p1-r2: vulnerable via glsa(200602-11) ( ver-rev < 4.2_p1-r1 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
net-misc/openssh-4.1_p1-r1: vulnerable via glsa(200602-11) ( ver-rev < 4.2_p1-r1 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')

net-misc/rsync-2.6.0-r6: vulnerable via glsa(200605-05) ( ver < 2.6.8 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
net-misc/rsync-2.6.3-r1: vulnerable via glsa(200605-05) ( ver < 2.6.8 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
net-misc/rsync-2.6.4: vulnerable via glsa(200605-05) ( ver < 2.6.8 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
net-misc/rsync-2.6.5: vulnerable via glsa(200605-05) ( ver < 2.6.8 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
net-misc/rsync-2.6.6: vulnerable via glsa(200605-05) ( ver < 2.6.8 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc-macos', 'ppc64', 's390', 'sh', 'sparc', 'x86')
net-misc/rsync-2.6.6-r1: vulnerable via glsa(200605-05) ( ver < 2.6.8 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc-macos', 'ppc64', 's390', 'sh', 'sparc', 'x86')
net-misc/rsync-2.6.7-r1: vulnerable via glsa(200605-05) ( ver < 2.6.8 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc-macos', 'ppc64', 's390', 'sh', 'sparc', 'x86', 'x86-fbsd')

sys-apps/shadow-4.0.7-r4: vulnerable via glsa(200606-02) ( ver-rev < 4.0.15-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
sys-apps/shadow-4.0.11.1-r1: vulnerable via glsa(200606-02) ( ver-rev < 4.0.15-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
sys-apps/shadow-4.0.11.1-r2: vulnerable via glsa(200606-02) ( ver-rev < 4.0.15-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
sys-apps/shadow-4.0.12: vulnerable via glsa(200606-02) ( ver-rev < 4.0.15-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
sys-apps/shadow-4.0.13: vulnerable via glsa(200606-02) ( ver-rev < 4.0.15-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
sys-apps/shadow-4.0.14-r1: vulnerable via glsa(200606-02) ( ver-rev < 4.0.15-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
sys-apps/shadow-4.0.14-r2: vulnerable via glsa(200606-02) ( ver-rev < 4.0.15-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
sys-apps/shadow-4.0.14-r3: vulnerable via glsa(200606-02) ( ver-rev < 4.0.15-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
sys-apps/shadow-4.0.15: vulnerable via glsa(200606-02) ( ver-rev < 4.0.15-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
sys-apps/shadow-4.0.15-r1: vulnerable via glsa(200606-02) ( ver-rev < 4.0.15-r2 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')

sys-devel/flex-2.5.4a-r6: vulnerable via glsa(200603-07) ( ver-rev < 2.5.33-r1 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'm68k', 'mips', 'ppc', 'ppc-macos', 'ppc64', 's390', 'sh', 'sparc', 'x86')

Please, clean up the above. Thanks! mips still needs newer rsync stable, CCing them.

Also, sys-apps/groff-1.18.1.1 belongs to this list, but that still can't be punted due to the broken man-pages-ja thing. :(

Comment 1 SpanKY gentoo-dev

2006-07-15 13:13:01 UTC

groff does not belong in the list, read the ebuild

ive cleaned up rsync and shadow, openssl/openssh/flex have old versions in there on purpose

Comment 2 Joshua Kinard gentoo-dev

2006-09-04 00:29:01 UTC

All referenced packages stable on mips.