189536 – (CVE-2007-3388) app-emulation/emul-linux-x86-qtlibs: format string vulnerabilities (CVE-2007-3388)

Bug 189536 (CVE-2007-3388) - app-emulation/emul-linux-x86-qtlibs: format string vulnerabilities (CVE-2007-3388)

Summary: app-emulation/emul-linux-x86-qtlibs: format string vulnerabilities (CVE-2007-...

Status:	RESOLVED FIXED

Alias:	CVE-2007-3388

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa] Falco
Keywords:

Depends on:
Blocks:	emul-tracker
	Show dependency tree

Reported:	2007-08-19 22:12 UTC by Raphael Marichez (Falco) (RETIRED)
Modified:	2020-04-03 06:58 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-08-19 22:12:01 UTC

Hi,

unless i'm wrong, the emulation-Qt is also concerned by the format string vulnerabilities described in CVE-2007-3388. 

See bug 185446 for further discussion and patch.

Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-09-08 16:06:45 UTC

maintainers, please provide fixed ebuild.

Comment 2 Mike Doty (RETIRED) gentoo-dev

2007-11-14 07:24:13 UTC

app-emulation/emul-linux-x86-qtlibs-20071114 in tree ~amd64 + p.masked.  This was produced with a new build system.  We intend for these ebuilds to go stable in time for releng(really soon)

Comment 3 Togge 2007-11-16 19:39:38 UTC

--- amd64 ---
app-emulation/emul-linux-x86-qtlibs-20071114 - USE:

1: emerges
2: passes collision-protect, (multilib-)strict, test
3: works (tested with Opera)

Portage 2.1.3.19 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.22-gentoo-r9 x86_64)
=================================================================
System uname: 2.6.22-gentoo-r9 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Timestamp of tree: Unknown
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -ggdb -march=athlon64 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/init.d /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -ggdb -march=athlon64 -pipe"
DISTDIR="/tmp/portage"
FEATURES="ccache collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms splitdebug strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ds.thn.htu.se/linux/gentoo               http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/            http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/            http://mirror.switch.ch/mirror/gentoo/         http://trumpetti.atm.tut.fi/gentoo/"
LANG="en_US.utf-8"
LINGUAS="en sv"
MAKEOPTS="-j3"
PKGDIR="/tmp/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/private"
SYNC="rsync://dx/gentoo-portage"
USE="3dnow 3dnowext X a52 aac acpi aiglx alsa amd64 apache2 arts asf avi bash-completion berkdb bitmap-fonts branding browserplugin cairo ccache cdr cli cpudetection cracklib crypt cscope css cups cvs dbus divx divx4linux dlloader dri dvd dvdr dvdread eds emboss encode esd evo fam ffmpeg firefox flac foomaticdb fortran freetype gdbm geoip gif gimp gmedia gnokii gnome gpm gstreamer gtk hal http iconv ieee1394 imap imlib ipv6 isdnlog java javascript jfs jpeg kde kdeenablefinal kdehiddenvisibility kdepim kerberos logitech-mouse mad madwifi maildir midi mikmod mmx mmx2 mmxext mono mozbranding moznopango mozsvg mp3 mpeg mplayer msn mudflap mysql ncurses nls nptl nptlonly nsplugin ntfs nvidia obex ogg oggvorbis opengl openmp oss pam pcre pdf pdflib perl png pppd python qt qt3 qt3support qt4 quicktime readline realmedia reflection reiserfs samba scanner sdl session spell spl sse sse2 ssl subversion svg symlink tcpd tetex theora threads tiff truetype truetype-fonts type1-fonts udev unicode usb v4l v4l2 vim-syntax vim-with-x visualization vorbis wifi wmf wmp wxwindows xcomposite xface xfs xine xinerama xml xorg xosd xpm xprint xv xvid zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en sv" USERLAND="GNU" VIDEO_CARDS="nv nvidia"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 4 Mike Doty (RETIRED) gentoo-dev

2007-11-26 04:24:55 UTC

20071114-r2 stable, sec team do your thing...

Comment 5 Robert Buchholz (RETIRED) gentoo-dev

2007-12-02 12:28:17 UTC

GLSA request filed.

Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-12-09 22:03:33 UTC

GLSA 200712-08