I'm not completely sure that this affects the version in portage. A format string vulnerability exists when tripwire generates an email report (i.e. 'tripwire -m c -M'). More details on Bugtraq http://www.securityfocus.com/archive/1/365036/2004-05-31/2004-06-06/0
Tripwire has confirmed this vulnerability on Bugtraq. "I will endeavor to patch the sourceforge code base as soon as possible. In the meantime, it is strongly recommended that you apply Paul's patch and rebuild from source."
Tavis, please apply the supplied patch in the Bugtraq link and bump the ebuild. (The patch has been approved by Tripwire.) An official patch is coming out soon. But there is currently no ETA for the official fix, so we better use the Bugtraq one until then.
fixed in cvs, tripwire-2.3.1.2-r1 has the patch
x86 please mark stable. Target keywords: x86
Looks like the maintainer already did 8)
GLSA drafted ready to go when reviewed.
GLSA good to go. Koon, will you do the honor along with the sitecopy GLSA?
Taviso, thanks for your quick resolution. Would you please also remove the vulnerable ebuild from portage?
GLSA 200406-02
no problem, old ebuilds removed