|Summary:||app-shells/rssh possible local root vulnerability (v-s) (CVE-2005-3345)|
|Product:||Gentoo Security||Reporter:||Sune Kloppenborg Jeppesen <jaervosz>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Package list:||Runtime testing required:||---|
Description Sune Kloppenborg Jeppesen 2005-12-10 05:20:12 UTC
Upstream is working on an updated version.
Comment 1 Thierry Carrez (RETIRED) 2005-12-14 10:11:23 UTC
Created attachment 74740 [details, diff] rssh.patch Full new version patch, from Derek D. Martin (upstream) We might not need the full thing.
Comment 2 Thierry Carrez (RETIRED) 2005-12-14 10:13:07 UTC
vapier: please extract useful patch and prepare an ebuild (attached here until embargo release date, set to Dec. 19).
Comment 3 Thierry Carrez (RETIRED) 2005-12-17 03:05:31 UTC
Two days left, would be good to have something up for testing soon :)
Comment 4 SpanKY 2005-12-18 20:37:10 UTC
is upstream going to release a new version ? be much saner to use that than try to rip out a patch i think
Comment 5 Sune Kloppenborg Jeppesen 2005-12-18 22:32:47 UTC
I think upstream is going to release a new version, but the patch used is attached to this bug.
Comment 6 SpanKY 2005-12-19 16:56:27 UTC
looks like upstream has made a 2.3.0 release but all the media is broken
Comment 7 Thierry Carrez (RETIRED) 2005-12-23 02:25:02 UTC
2.3.0 officially released, maybe the media are correct now...
Comment 8 SpanKY 2005-12-23 20:18:27 UTC
indeed 2.3.0 now in portage
Comment 9 Stefan Cornelius (RETIRED) 2005-12-23 23:40:26 UTC
ok, seems like all needed arches are already stable, ready for glsa
Comment 10 SpanKY 2005-12-23 23:42:23 UTC
hmm, not on purpose though ... best to have them review ;)
Comment 11 Mark Loeser (RETIRED) 2005-12-24 11:57:51 UTC
Looks alright on x86
Comment 12 Michael Hanselmann (hansmi) (RETIRED) 2005-12-25 04:30:21 UTC
Looks good on ppc.
Comment 13 Gustavo Zacarias (RETIRED) 2005-12-26 04:41:43 UTC
sparc looks fine too.
Comment 14 Stefan Cornelius (RETIRED) 2005-12-26 05:27:51 UTC
ready for glsa
Comment 15 Stefan Cornelius (RETIRED) 2005-12-27 07:46:47 UTC
GLSA 200512-15 Thanks to everybody who helped.