Summary: | libtecla-1.6.0 insecure RUNPATHs | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Peter Simons <simons> |
Component: | Runpath Issues | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | sci |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Attachments: | remove insecure runpaths from enhance binary |
Description
Peter Simons
2006-01-18 12:44:26 UTC
Created attachment 77492 [details, diff]
remove insecure runpaths from enhance binary
Hi Peter,
Thanks for your report. Could you please try the attached patch and
report back if it fixes the RUNPATH issues on your setup.
Thanks,
Markus
Yes, the patch fixes the problem. Thanks a lot for the quick response! One more thing: There is a new version of libtecla available at <http://www.astro.caltech.edu/~mcs/tecla/libtecla-1.6.1.tar.gz>. Simply renaming the current EBUILD suffices to update the package. Could you do that, or shall I submit a new PR for this purpose? Hi Peter, Thanks for testing and I am glad the fix works:). I'll prepare -r1 that will contain this fix and also see that I bump the ebuild, hence no need for opening another bug. Thanks, Markus I've just committed libtecla-1.6.0-r1 to CVS that includes this patch and therefore fixes the insecure runpath issues. Could we possibly stabilize this version on x86? x86 please test and mark libtecla-1.6.0-r1 stable stable on x86 Hi, what about that bug opened for more than 2 months ? was it forgotten ? Thanks for the notice. I just removed the vulnerable version from Portage, so everything should be fine now. I will let the security team close the bug as it is assigned to them. Thx Oliver and Raphael. Yes, thank you to everyone who was involved in fixing this problem. I appreciate your help. |