Bug 374241 - <dev-libs/geoip-1.4.8 - possible directory traversal weakness in geoipupdate-pureperl.pl with malicious update server
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Reported: 2011-07-06 14:32 UTC by Jeroen Roovers (RETIRED)
Modified: 2011-10-08 21:20 UTC
Description Jeroen Roovers (RETIRED) gentoo-dev 2011-07-06 14:32:58 UTC
</usr/share/doc/geoip-1.4.8/ChangeLog.bz2>:
1.4.8
        [...]
        * Fix possible directory traversal weakness in geoipupdate-pureperl.pl
            with malicious update server ( Boris Zentner )
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-07-06 16:27:02 UTC
Thanks, Jeroen. Are we ok to move forward and stabilize 1.4.8?
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2011-07-25 12:23:37 UTC
Arch teams, please, stabilize geoip-1.4.8.
Comment 3 Agostino Sarubbo gentoo-dev 2011-07-25 12:41:00 UTC
amd64 ok
Comment 4 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-07-25 16:13:19 UTC
ppc/ppc64 stable
Comment 5 Andreas Schürch gentoo-dev 2011-07-25 17:19:25 UTC
Looks also good here on x86.
Comment 6 Thomas Kahle (RETIRED) gentoo-dev 2011-07-26 09:54:39 UTC
x86 stable. Thanks Andreas
Comment 7 Markus Meier gentoo-dev 2011-07-26 21:14:21 UTC
arm stable
Comment 8 Ian Delaney (RETIRED) gentoo-dev 2011-07-26 23:47:37 UTC
amd64 ok
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2011-07-27 04:41:21 UTC
Stable for HPPA.
Comment 10 Tomáš "tpruzina" Pružina (amd64 [ex]AT) 2011-07-29 17:42:19 UTC
amd64 pass
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2011-07-31 11:02:54 UTC
alpha/ia64/s390/sh/sparc stable
Comment 12 Markos Chandras (RETIRED) gentoo-dev 2011-08-02 15:00:34 UTC
amd64 done. Thank you all
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2011-08-17 15:26:05 UTC
Thanks, everyone. GLSA Vote: no.
Comment 14 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 21:20:55 UTC
Vote: NO. Too unlikely to be exploited. Closing noglsa. Feel free to reopen.