Summary: | www-client/lynx: arbitrary command execution via lynxcgi (CVE-2005-2929)
---|---
Product: | Gentoo Security
Reporter: | Tavis Ormandy (RETIRED) <taviso>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | major
CC: | dmwaters, seemant
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://marc.theaimsgroup.com/?l=full-disclosure&m=113172754719215&w=2
Whiteboard: | A2 [stable]
Package list: |
Runtime testing required: | ---
Attachments: |

Description
Tavis Ormandy (RETIRED)
2005-11-11 11:48:42 UTC
Created attachment 72720
lynx-2.8.6_pre15.ebuild
Here are the changes I had to make in my local tree for this bug.

adding ppc-macos to check the patch.

ppc-macos keyword is dropped in the patch.

Created attachment 72774
ppc-macos changes
applying the above patch to the lynx-2.8.6_pre15.ebuild file cleans up the
darwin/osx mess. This new version seems to compile and work fine for ppc-macos
without additional tweaks. I tested, and hence added back the ~ppc-macos
keyword.

arch teams -- please test lynx-2.8.5-r2 and mark stable

Fabian -- please make sure ppc-macos is ok with 2.8.5-r2 as well

silly seemant you asked for arch testing but forgot to ~arch the keywords. I reverted those for you and the arches right quick. I also tested on x86 and it looks pretty good so I left it in stable.

ppc64 stable

Stable on SPARC

amd64 done

(In reply to comment #5)
> Fabian -- please make sure ppc-macos is ok with 2.8.5-r2 as well
At your service! marked 2.8.5-r2 stable and made darwin patch unconditional (getting rid of the conditional in the ebuild)

Alpha happy

Stable on ppc, hppa.

GLSA 200511-09

arm, ia64, mips, s390 should mark stable to benefit from GLSA

ia64 and mips, please do mark stable

Stable on mips.