Summary: | dev-db/qt-unixODBC contains insecure RUNPATH's | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Ashu Tiwary <ashutiwary> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | minor | CC: | kde | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | B3 [glsa] jaervosz | ||||||
Package list: | Runtime testing required: | --- | |||||
Bug Depends on: | 105695 | ||||||
Bug Blocks: | 81745 | ||||||
Attachments: |
|
Description
Ashu Tiwary
2005-09-12 12:16:30 UTC
Created attachment 68280 [details]
logfile for "emerge dev-d/qt-unixODBC"
i was able to successfully emerge qt-unixODBC using the makemaker perl hack described in bug id 105054 (In reply to comment #2) > i was able to successfully emerge qt-unixODBC using the makemaker perl hack > described in bug id 105054 actually - i lied - in the hurry of copy/n/paste'ing to report these issues, i had copied this section as well - the only one that has worked w/ the makemaker perl hack has been "emerge media-gfx/imagemagick-6.2.4.2" CCing maintainers I've put qt's no-rpath.patch in this ebuild as well (as 3.3.4-r1). Please try it again and see if it fixes this for you, and if so please close the bug. yep - that worked Reopening for GLSA decision. Though it is rated B2 I guess we could need a vote. I tend to vote YES. Since the fix is shipped in QT rather than in qt-unix-odbc maybe a common GLSA with bug 105695 is preferable ? Let's do a common GLSA with qt. We'll rather do a common GLSA with other RUNPATH portage -> root priv escalation issues. Let's make a GLSA with those that are ready. GLSA 200510-14 |