
Bug 115082

Summary: app-shells/rssh possible local root vulnerability (v-s) (CVE-2005-3345)
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: major
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---
Attachments:
Description: rssh.patch, Flags: none

Description Sune Kloppenborg Jeppesen gentoo-dev 2005-12-10 05:20:12 UTC
Upstream is working on an updated version.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-12-14 10:11:23 UTC
Created attachment 74740

Full new version patch, from Derek D. Martin (upstream)
We might not need the full thing.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-12-14 10:13:07 UTC
vapier: please extract useful patch and prepare an ebuild (attached here until
embargo release date, set to Dec. 19).
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-12-17 03:05:31 UTC
Two days left, would be good to have something up for testing soon :)
Comment 4 SpanKY gentoo-dev 2005-12-18 20:37:10 UTC
is upstream going to release a new version? be much saner to use that than try to rip out a patch i think
Comment 5 Sune Kloppenborg Jeppesen gentoo-dev 2005-12-18 22:32:47 UTC
I think upstream is going to release a new version, but the patch used is attached to this bug.
Comment 6 SpanKY gentoo-dev 2005-12-19 16:56:27 UTC
looks like upstream has made a 2.3.0 release but all the media is broken
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2005-12-23 02:25:02 UTC
2.3.0 officially released, maybe the media are correct now...
Comment 8 SpanKY gentoo-dev 2005-12-23 20:18:27 UTC

2.3.0 now in portage
Comment 9 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-23 23:40:26 UTC
ok, seems like all needed arches are already stable, ready for glsa
Comment 10 SpanKY gentoo-dev 2005-12-23 23:42:23 UTC
hmm, not on purpose though ... best to have them review ;)
Comment 11 Mark Loeser (RETIRED) gentoo-dev 2005-12-24 11:57:51 UTC
Looks alright on x86
Comment 12 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-12-25 04:30:21 UTC
Looks good on ppc.
Comment 13 Gustavo Zacarias (RETIRED) gentoo-dev 2005-12-26 04:41:43 UTC
sparc looks fine too.
Comment 14 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-26 05:27:51 UTC
ready for glsa
Comment 15 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-27 07:46:47 UTC
GLSA 200512-15
Thanks to everybody who helped.