Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 247958 - net-analyzer/rtg-0.7.4 has internal copies of gd-1.8.4, cgilib-0.4, zlib-1.1.4 and libpng-1.2.1
Summary: net-analyzer/rtg-0.7.4 has internal copies of gd-1.8.4, cgilib-0.4, zlib-1.1....
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: bundled-libs
  Show dependency tree
 
Reported: 2008-11-21 13:02 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2009-04-17 09:35 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2008-11-21 13:02:03 UTC
I don't even want to count out the possible security vulnerabilities.

Who wants to have fun?
Comment 1 Tobias Scherbaum (RETIRED) gentoo-dev 2009-01-11 10:16:36 UTC
package.masked, will be removed in 30 days.

bundles *very* outdated versions of gd, zlib and libpng libraries, static links, upstream seems dead, removal in 30 days. bug #247958 and bug #251425
Comment 2 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-04-17 04:19:27 UTC
treecleaners removed this since it was long enough and definitely heading out.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-04-17 09:35:50 UTC
The libraries were only used to generate the statistics, so input should be considered trusted. It's for the better that the thing is gone, but does not warrant involvement of Security such as a GLSA.