| Summary: | net-misc/scponly: Privilege Escalation and Security Bypass Vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | JG <jg> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/18223/ | | |
| Whiteboard: | C1? [glsa] | | |
Description
JG
2005-12-23 11:45:55 UTC
No official maintainer, grabbed 3 guys from changelog.

Somebody please give this bug some love and provide updated ebuilds. Jeeves mentioned that this package is a candidate for removal - so if nobody reacts in time we might have to do that.

Come on, nobody wants to step up to fix this?

I'm afraid I only fixed a typo in $DESCRIPTION when I was tree-fixing ages ago, and I don't really have anything else to do with the package. It looks to me like matsuu's been doing all of the bumping.

Yeah! My personal hero of the day, kloeri, tries to provide a fixed ebuild, thanks.

Thanks kloeri, arches please test and mark stable

amd64 stable

x86 done

Thank you guys for the fixed ebuild! According to the developer, 4.3 will be released today because of some issues in 4.2 (I'm also suffering from this "chroot dir writable by group/other" discussed in the FreeBSD thread on the scponly list). https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001056.html
JG

4.3 is released with stability fixorz, probably best to include that version and stableize it rather than break people's systems by releasing the GLSA over 4.2 only... kloeri: I know I'm asking a lot, but would you be so kind?

4.3 in cvs now. It's only a few lines changed but I yanked keywords back to ~arch anyway. Now, let's see if there'll be a 4.4 with my getopt patch in a day or two :)

Created attachment 75668
getopt patch from 4.2 changed for 4.3
I've used the ebuild and changed the patch from 4.2. Without the patch it isn't possible to compile 4.3 (as with 4.2) because of getopt errors in helper.c
scponly 4.3 works fine now and the users are able to login again.
JG
Thx Kloeri for the swift response. Arches please retest and mark stable. x86/amd64: Last arch out should remove version 4.2 which is buggy, so that application of the "unaffected:>=4.2" GLSA rule picks up 4.3 properly... thx in advance.

amd64 stable, the second

x86 stable, removed 4.2

Thx everyone !

GLSA 200512-17 is out.