* SECURITY FIX (local exploit) This version fixes a potential buffer overflow in gxine's server component and in gxine_client. This overflow would occur were $HOME sufficiently long - 94 bytes or more would cause socket creation or connection failure, and 242 bytes or more would cause a segfault or possible arbitrary code execution. The ebuild is already in portage (a bit late, but when it was released I was unable to commit), and should be ready for stable.
imho not a vuln. out of bounds stuff if $HOME is too big ... unless gxine is suid (which i wouldnt consider best practice), this seems like a non-issue because you cant gain anything?
It is not suid, and yes, I find it farfetched too.. 242 bytes in $HOME sounds to be crazy anyway...
(In reply to comment #2) > It is not suid, and yes, I find it farfetched too.. 242 bytes in $HOME sounds > to be crazy anyway... > Thanks for the report, but yes, indeed, this is really farfetched... media-video may want to patch this but this is not a security issue. Reassigning.
Security, you can close it, as major arches (except ppc64) have .11 stable and it looks like a non-issue.
(In reply to comment #4) > Security, you can close it, as major arches (except ppc64) have .11 stable and > it looks like a non-issue. all stable, closing.