Summary: | net-www/gplflash 0.4.13 ebuild fails due to insecure RUNPATH's | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | jmdorfman |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | danarmak, frederico, gazman, mozilla, weeve |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 81745 |
Description
jmdorfman
2005-12-04 00:24:19 UTC
gplflash's build system has wicked broken autotool handling ... in this case, they decided to override the default install target by copying the temp .so file to the install path (which was built with -rpath) should be fixed in gplflash-0.4.13-r1 *** Bug 115835 has been marked as a duplicate of this bug. *** Any hint if this would also affect < 0.4.13 ? no idea, but it'd prob be best if we punted the older versions anyways Then we should test and mark 0.4.13-r1 stable. I have epiphany-1.6.4, mozilla-1.7.12-r2, and mozilla-firefox-1.0.7 installed and all of them fail to detect and use the gplflash-0.4.13-r1 plugin when I install it. same here on amd64, firefox can't find the plugin. however, i tried the latest stable (0.4.10-r3) and apparently it is safe, so there is no need to speed up stablization IMHO OK so let's consider this only affects the recent ~ version and close the security bug. Feel free to open a separate bug or to reassign this one if you want to solve the "0.4.13-r1 sucks" issue... and do not forget to close. |