550936 – (CVE-2015-3887) <net-misc/proxychains-4.10: RPATH vulnerability(CVE-2015-3887)

Bug 550936 (CVE-2015-3887) - <net-misc/proxychains-4.10: RPATH vulnerability(CVE-2015-3887)

Summary: <net-misc/proxychains-4.10: RPATH vulnerability(CVE-2015-3887)

Status:	RESOLVED FIXED

Alias:	CVE-2015-3887

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://github.com/rofl0r/proxychains...
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2015-06-01 11:04 UTC by MickKi
Modified:	2016-04-28 05:14 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description MickKi 2015-06-01 11:04:36 UTC

CVE-2015-3887 refers to a vulnerability with net-misc/proxychains-4.8.1, which is fixed in proxychains-ng release 4.9.

Reproducible: Always




Request for version bump to fix RPATH vulnerability as per CVE-2015-3887.

-- 
Regards,
Mick

Comment 1 Tim Harder gentoo-dev

2015-06-23 14:11:24 UTC

Arches, please stabilize 4.10.

Comment 2 Agostino Sarubbo gentoo-dev

2015-06-23 15:44:46 UTC

amd64 stable

Comment 3 Agostino Sarubbo gentoo-dev

2015-06-24 08:00:36 UTC

ppc stable

Comment 4 Agostino Sarubbo gentoo-dev

2015-06-26 08:05:44 UTC

x86 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 5 Stefan Behte (RETIRED) gentoo-dev

2015-11-09 21:53:19 UTC

vote: yes.

Comment 6 Yury German Gentoo Infrastructure

2015-12-31 05:02:55 UTC

GLSA Vote: No
Maintainer(s), please drop the vulnerable version(s).

Comment 7 Yury German Gentoo Infrastructure

2016-01-26 03:57:34 UTC

It has been 30 days since cleanup was requested.
Maintainer(s), please drop the vulnerable version(s)