From upstream bugzilla at $URL: When 'dropping privileges' bitlbee simply does a 'setgid' followed by a 'setuid' call in unix.c. However, this is not sufficient. The code needs to 'drop' the extra groups that the process was started with through initgroups or setgroups.
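The ordering the report asks for, as an added example that is not bitlbee's actual unix.c or its patch: supplementary groups are cleared before `setgid` and `setuid`, and the result is verified afterwards. The helper names `stale_groups` and `drop_privileges` and the default account `nobody` are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Count supplementary groups other than `keep` that are still attached. */
int stale_groups(const gid_t *list, int n, gid_t keep)
{
    int stale = 0;
    for (int i = 0; i < n; i++)
        if (list[i] != keep)
            stale++;
    return stale;
}

/* Drop from root to `user`. Returns 0, or a negative code naming the failed step. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;                              /* unknown account */
    /* 1. Supplementary groups first; only a privileged process may do this.
     *    initgroups(pw->pw_name, pw->pw_gid) is the alternative when the
     *    account's own group memberships are needed. */
    if (setgroups(1, &pw->pw_gid) != 0)
        return -2;
    /* 2. Primary group, while we can still change it. */
    if (setgid(pw->pw_gid) != 0)
        return -3;
    /* 3. User id last; nothing above is possible after this. */
    if (setuid(pw->pw_uid) != 0)
        return -4;
    /* 4. Verify the outcome rather than trusting return codes alone. */
    gid_t now[64];
    int n = getgroups(64, now);
    if (n < 0 || stale_groups(now, n, pw->pw_gid) != 0)
        return -5;                              /* inherited groups survived */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -6;                              /* root could be regained */
    return 0;
}

int main(int argc, char **argv)
{
    int rc = drop_privileges(argc > 1 ? argv[1] : "nobody");
    printf("drop_privileges: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```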
This is fixed in bitlbee-3.0.5-r1 (and -r0), already in ~testing.
(In reply to comment #1)
> This is fixed in bitlbee-3.0.5-r1 (and -r0), already in ~testing.

Thanks, Alex. Can we roll forward and stabilize =net-im/bitlbee-3.0.5-r1?
(In reply to comment #2)
> (In reply to comment #1)
> > This is fixed in bitlbee-3.0.5-r1 (and -r0), already in ~testing.
>
> Thanks, Alex. Can we roll forward and stabilize =net-im/bitlbee-3.0.5-r1?

It should be good to go. I've masked the skype use flag across all arches since skype has no stable versions.
Great, thank you.

Arches, please test and mark stable:
=net-im/bitlbee-3.0.5-r1
Target keywords : "amd64 ppc x86"
The following keyword changes are necessary to proceed:
#required by net-im/bitlbee-3.0.5-r1[skype], required by @selected, required by @world (argument)
=dev-python/skype4py-1.0.32.0 ~amd6

How about stabilizing that too?
(In reply to comment #5)
> The following keyword changes are necessary to proceed:
> #required by net-im/bitlbee-3.0.5-r1[skype], required by @selected, required by @world (argument)
> =dev-python/skype4py-1.0.32.0 ~amd6
>
> how about stabilizing that too ?

No, because as noted previously the skype use flag is masked and will remain that way since skype dropped its stable keywords.
amd64: pass
amd64 stable
x86 stable
ppc stable
Thanks, everyone. I think this is about a B3 or B4 level issue. GLSA Vote: no.
GLSA vote: no. Closing noglsa.