Summary: | app-shells/rssh possible local root vulnerability (v-s) (CVE-2005-3345) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | major | ||||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | B1 [glsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-12-10 05:20:12 UTC
Created attachment 74740 [details, diff]
rssh.patch
Full new version patch, from Derek D. Martin (upstream)
We might not need the full thing.
vapier: please extract useful patch and prepare an ebuild (attached here until embargo release date, set to Dec. 19). Two days left, would be good to have something up for testing soon :) is upstream going to release a new version ? be much saner to use that than try to rip out a patch i think I think upstream is going to release a new version, but the patch used is attached to this bug. looks like upstream has made a 2.3.0 release but all the media is broken 2.3.0 officially released, maybe the media are correct now... indeed 2.3.0 now in portage ok, seems like all needed arches are already stable, ready for glsa hmm, not on purpose though ... best to have them review ;) Looks alright on x86 Looks good on ppc. sparc looks fine too. ready for glsa GLSA 200512-15 Thanks to everybody who helped. |