Summary: | kde-base/arts Unchecked set*uid() calls (CVE-2006-2916)
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | major
Priority: | High
CC: | kde, tcort
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://www.kde.org/info/security/advisory-20060614-2.txt
Whiteboard: | A2 [glsa] jaervosz
Runtime testing required: | ---

Description
Sune Kloppenborg Jeppesen (RETIRED)
2006-06-07 12:22:34 UTC
Created attachment 88621
arts-3.5.3.diff

Carlo please attach an updated ebuild. Do not commit anything to Portage yet.

Nice one... Public disclosure is 2006-06-15 together with a kdm symlink attack vulnerability fix. Is there another hidden bug about it or should I open one? Will prepare the fixes late this evening or tomorrow.

Changing whiteboard to SEMI-PUBLIC as the general issue is already public. Carlo up to you whether we should test the ebuild on this bug or commit direct to Portage (with only the bug number mentioned in the ChangeLog).

arts-3.4.3-r1.ebuild arts-3.5.2-r1.ebuild I'm not sure who is responsible for KDE security bumps, but these are the ebuilds, which need to go stable.

Sune: Sorry that I'm later than predicted. Changed kde eclasses and fought with repoman acting very weird.

arches, please test if this is stable and report back. Although this is set as semi-public, better don't commit anything yet. Thanks

Passing on to weeve, he's our kde mofo and I'm not feeling quite well yet.

(In reply to comment #6)
> arches, please test if this is stable and report back. Although this is set as
> semi-public, better don't commit anything yet. Thanks
Hu? I committed patch and ebuilds so everyone can read it. The patch is in KDE svn, so everyone can read it. It would be careless not to mark the ebuilds stable asap.

Please test and MARK stable, this ain't no security drill so please just mark stable in the tree.

stable on ppc64 @security: remove security liaisons and add archs to CC?

It's still semi public, so we cannot add arches until it is completely opened.

SPARC is good here (or as good as arts ever gets).

ppc stable

(In reply to comment #13)
> ppc stable
>
You missed arts-3.4.3-r1

Based on comment #6, I have not touched the SPARC keywords from what they were when the ebuilds entered the tree. Do you folks want to work this like the kdm bug or would you like the arch maestros to keyword the ebuilds?

Jason please commit, we work directly in the tree on this one (see comment #9).

Ah missed that one. Thanks for the pointer :) SPARC is now stable.

(In reply to comment #14)
> (In reply to comment #13)
> > ppc stable
> >
>
> You missed arts-3.4.3-r1
Oops ;) arts-3.4.3-r1 also ppc stable :)

Announcement is out, so the bug can be opened and arches cc'ed. Arches please test and mark stable.

arts-3.4.3-r1 and arts-3.5.2-r1 stable on alpha and amd64.

stable on hppa

Didn't want to wait forever on second pair of eyes. Stable on x86.

Thx Carsten. Ready for GLSA. Security please review draft.

GLSA 200606-22 ia64 don't forget to mark stable to benefit from the GLSA.