xv is linked statically to the tiff library, so it suffers from the vulnerabilities described in bug 75213 and it will not be fixed when the tiff library will be upgraded. We need to have a new depend (>=media-libs/tiff-3.7.1-r1) and an ebuild bump to be secure here.
Tavis : please bump with new dependency.
$ ldd `which xv` linux-gate.so.1 => (0xffffe000) libX11.so.6 => /usr/X11R6/lib/libX11.so.6 (0x40025000) libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0x400ea000) libtiff.so.3 => /usr/lib/libtiff.so.3 (0x40106000) ^^^^---------------------------------------------- libpng.so.3 => /usr/lib/libpng.so.3 (0x40155000) libz.so.1 => /lib/libz.so.1 (0x40185000) libm.so.6 => /lib/libm.so.6 (0x40195000) libc.so.6 => /lib/libc.so.6 (0x401b6000) libdl.so.2 => /lib/libdl.so.2 (0x402c0000) libstdc++.so.5 => /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.4/libstdc++.so.5 (0x402c3000) libgcc_s.so.1 => /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.4/libgcc_s.so.1 (0x4038d000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) It looks like it's dynamically linked here, will experiment to see if there's some logic that might change that.
Thanks Tavis, looks like we're OK on this side.
