Bug 635992 (CVE-2016-10369) - <lxde-base/lxterminal-0.3.1: Insecure use of /tmp for a socket file (CVE-2016-10369)
Status: RESOLVED FIXED
Alias: CVE-2016-10369
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://blog.lxde.org/2017/10/30/lxte...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 607838
Blocks:
Reported: 2017-10-31 09:38 UTC by charles17
Modified: 2018-04-08 13:33 UTC

See Also:
Package list:
lxde-base/lxterminal-0.3.1
Runtime testing required: ---
stable-bot: sanity-check+


Comment 1 charles17 2017-10-31 10:05:57 UTC
Find updated ebuild in https://github.com/gentoo/gentoo/pull/5362
Comment 2 D'juan McDonald (domhnall) 2017-10-31 22:11:21 UTC
@maintainer(s), Thank you. After bump, please call for stabilization when ready.
Comment 3 Larry the Git Cow gentoo-dev 2018-03-05 22:00:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfe2786432826bec81d7685001c3eca663ed1c26

commit bfe2786432826bec81d7685001c3eca663ed1c26
Author:     charIes17 <charles17@arcor.de>
AuthorDate: 2017-12-13 19:51:53 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-03-05 21:56:38 +0000

    lxde-base/lxterminal: version bump to 0.3.1 (CVE-2016-10369).
    
    Bug: https://bugs.gentoo.org/635992
    Closes: https://bugs.gentoo.org/607838
    Closes: https://bugs.gentoo.org/595904
    
    - Adjusted HOMEPAGE (avoid redirect).
    - Adjusted tarball from .gz to .xz.
    - Make repoman happy by re-adding ~arm64.
    - Add LINGUAS handling.
    - Add handling of live ebuild.
    
    Package-Manager: Portage-2.3.13, Repoman-2.3.3
    Closes: https://github.com/gentoo/gentoo/pull/5362

 lxde-base/lxterminal/Manifest                |  1 +
 lxde-base/lxterminal/lxterminal-0.3.1.ebuild | 47 ++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
Comment 4 Agostino Sarubbo gentoo-dev 2018-03-22 09:33:18 UTC
amd64 stable
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-22 22:40:40 UTC
ppc stable
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-25 22:45:18 UTC
x86 stable
Comment 7 Markus Meier gentoo-dev 2018-04-08 10:49:51 UTC
arm stable, all arches done.
Comment 8 Larry the Git Cow gentoo-dev 2018-04-08 13:32:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e473ad3bc53eabf3a6fb5f45c05dad208974bcb8

commit e473ad3bc53eabf3a6fb5f45c05dad208974bcb8
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-08 13:32:27 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-08 13:32:27 +0000

    lxde-base/lxterminal: drop vulnerable
    
    Bug: https://bugs.gentoo.org/635992
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 lxde-base/lxterminal/Manifest                 |  1 -
 lxde-base/lxterminal/lxterminal-0.1.11.ebuild | 26 --------------------------
 2 files changed, 27 deletions(-)
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2018-04-08 13:33:16 UTC
GLSA Vote: No