Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 136065

Summary: dev-lang/pike: <7.6.86 SQL injection vuln
Product: Gentoo Security Reporter: Raphael Marichez (Falco) (RETIRED) <falco>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: araujo
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/20494/
Whiteboard: B3 [glsa] jaervosz
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 116795    
Attachments:
Description Flags
scanelf-execstack.log of Christian Faulhammer none

Description Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-08 06:25:24 UTC
Software:	Pike 7.x

Description:
A vulnerability has been reported in Pike, which potentially can be exploited by malicious people to conduct SQL injection attacks.

Some unspecified input isn't properly sanitised before being used in a SQL query in a PostgreSQL database. This may be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability has been reported in version 7.6.66. Prior versions may also be affected.

Solution:
Update to version 7.6.86.
http://pike.ida.liu.se/download/

Provided and/or discovered by:
Reported by the vendor.
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-08 06:27:21 UTC
No herd, no maintainer :(((



no-herd@gentoo.org, please provide a new 7.6.86 ebuild
Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-08 06:28:56 UTC
Vapier, you was the latest who made a bump on this package. Mind to bump again ?
Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-18 04:27:58 UTC
security devs, please email gentoo-dev@ , there is no herd and no maintainer for dev-lang/pike
Comment 4 SpanKY gentoo-dev 2006-06-18 09:06:12 UTC
i'm working on it, just havent gotten the bugs ironed out yet
Comment 5 Sune Kloppenborg Jeppesen gentoo-dev 2006-06-18 09:08:46 UTC
-dev mailed.
Comment 6 Sune Kloppenborg Jeppesen gentoo-dev 2006-06-30 09:21:32 UTC
mike any news on this one?
Comment 7 Luis Araujo (RETIRED) gentoo-dev 2006-07-07 17:12:09 UTC
I just updated the version of pike to 7.6.86, so this bug shouldn't be there, also revbump 7.6.50 to fix bug #116795 (also fixed in latest version).

I also added myself as the maintainer of this package, and tweaked the configuration so now it needs gmp/nettle (crashes without them) , so let me know if any problem.

Closing bug....
Comment 8 Sune Kloppenborg Jeppesen gentoo-dev 2006-07-07 23:34:48 UTC
@Luis since this is only fixed in 7.6.86 is this version ready for stable marking?
Comment 9 Luis Araujo (RETIRED) gentoo-dev 2006-07-08 00:40:16 UTC
Yes Sune , i think this version should be marked stable.

Comment 10 Sune Kloppenborg Jeppesen gentoo-dev 2006-07-08 04:27:58 UTC
Thx Luis.

Arches please test and mark 7.6.86 stable.
Comment 11 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-08 06:50:11 UTC
1) emerges fine
2) does not pass test suite

Doing tests in tlib/modules/testsuite (324 tests)
test 319, line 807
[WATCHDOG] Pike testsuite timeout, sending SIGABRT.
Failed to parse subresult for testsuite "tlib/modules/testsuite" (exitcode:-1):

3) passes collision test
4) QA Notice: the following files contain executable stacks
 Files with executable stacks will not work properly (or at all!)
 on some architectures/operating systems.  A bug should be filed
 at http://bugs.gentoo.org/ to make sure the file is fixed.
 For more information, see http://hardened.gentoo.org/gnu-stack.xml
 Please include this file in your report:
 /var/tmp/portage/pike-7.6.86/temp/scanelf-execstack.log
"RWX --- --- usr/lib/pike/modules/Image.so"

Portage 2.1-r1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.16-gentoo-r12 i686)
=================================================================
System uname: 2.6.16-gentoo-r12 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.6.15
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O0"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-O0"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="x86 3dnow 3dnowext X Xaw3d a52 alsa apache2 arts artworkextra asf audiofile avi bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds emacs emboss encode esd evo exif expat fam fat fbcon fdftk ffmpeg firefox foomaticdb fortran ftp gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal howl icq idn imagemagick imap imlib ipv6 isdnlog java javascript jikes jpeg jpeg2k kde ldap leim libg++ libwww lm_sensors mad maildir matroska mbox mikmod mime mmx mmxext mng mono motif mp3 mpeg mpeg2 mule nautilus ncurses nforce2 nls nocardbus nowebdav nptl nptlonly nsplugin nvidia ogg opengl pam pcre pdf pdflib perl plotutils pmu png ppds pppd preview-latex print python qt qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell spl sse ssl svg svga t1lib tcltk tcpd theora thunderbird tiff truetype truetype-fonts type1-fonts udev usb vcd videos vorbis win32codecs wmf wxwindows xine xml xorg xosd xv xvid zlib elibc_glibc input_devices_mouse input_devices_keyboard kernel_linux linguas_de userland_GNU video_cards_radeon video_cards_vesa video_cards_fbdev"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 12 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-08 07:05:55 UTC
Created attachment 91204 [details]
scanelf-execstack.log of Christian Faulhammer
Comment 13 Luis Araujo (RETIRED) gentoo-dev 2006-07-08 19:33:05 UTC
Can you please describe what steps are you taking to emerge the package? , i don't find to reproduce this bug. I am using amd64 , anyone else with a x86 box who could test this?
Comment 14 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-09 01:42:57 UTC
emerge pike on my system wants gmp pdflib and nettle additionally to pike itself.  I have FEATURES="test", without test it runs through fine...I also used the ebuild utility to perform all steps separately.

Failed a different test on a different run:
Doing tests in tlib/modules/testsuite (324 tests)
test 317, line 739
[WATCHDOG] Pike testsuite timeout, sending SIGABRT.


Some pike source code runs fine though...
Comment 15 Paul Varner (RETIRED) gentoo-dev 2006-07-09 14:27:29 UTC
With FEATURES="test" works fine for me on x86 with following USE flags, I'll mark stable shortly.

dev-lang/pike-7.6.86  USE="gdbm gif gtk jpeg mime opengl pcre pdf sdl ssl svg tiff truetype zlib -bzip2 -debug -doc -fftw -hardened -kerberos -mmx -mysql -scanner"
Comment 16 Paul Varner (RETIRED) gentoo-dev 2006-07-09 14:48:19 UTC
Stable on x86.
Comment 17 Luis Araujo (RETIRED) gentoo-dev 2006-07-09 15:52:41 UTC
(In reply to comment #14)
> emerge pike on my system wants gmp pdflib and nettle additionally to pike
> itself.  I have FEATURES="test", without test it runs through fine...I also
> used the ebuild utility to perform all steps separately.
> 

Yes, one of the main changes of this new ebuild version is precisely that gmp/nettle are mandatory deps, and pdflib required with doc.

> Failed a different test on a different run:
> Doing tests in tlib/modules/testsuite (324 tests)
> test 317, line 739
> [WATCHDOG] Pike testsuite timeout, sending SIGABRT.
> 
> 
> Some pike source code runs fine though...
> 

I can run all my pike scripts fine, and i still don't get to reproduce this bug, anyone from the amd64 team who could give it a try please?
Comment 18 Luis Araujo (RETIRED) gentoo-dev 2006-07-09 15:54:06 UTC
(In reply to comment #16)
> Stable on x86.
> 

Thanks Paul
Comment 19 Tobias Scherbaum (RETIRED) gentoo-dev 2006-07-10 11:51:09 UTC
Breaks for me on ppc:

Making install in build/linux-2.6.17-ppc
make[2]: Entering directory `/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/build/linux-2.6.17-ppc'
/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/lib/modules/_Image.pmod/module.pmod:63:Index 'RENDER' not present in module 'GIF'.
/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/lib/modules/GTKSupport.pmod/Util.pmod:13:Index '_decode' not present in module 'Image'.
/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/lib/modules/GTKSupport.pmod/Util.pmod:21:Index '_load' not present in module 'Image'.
/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/bin/install.pike:954:Error looking up 'Util' in module 'GTK'.
Pike: Failed to compile script:
Compilation failed.

master.pike:2656:
    master()->_main(({"/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/build/linux-2.6.17-ppc/pike","-DNOT_INSTALLED","-DPRECO
    MPILED_SEARCH_MORE",,,14}),({"PVR=7.6.86","STARTDIR=/root",,,172}))
make[2]: *** [install] Error 10
make[2]: Leaving directory `/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/build/linux-2.6.17-ppc'
make[1]: *** [compile] Error 2
make[1]: Leaving directory `/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86'
make: *** [install_nodoc] Error 2

!!! ERROR: dev-lang/pike-7.6.86 failed.
Call stack:
  ebuild.sh, line 1539:   Called dyn_install
  ebuild.sh, line 1013:   Called src_install
  pike-7.6.86.ebuild, line 93:   Called die


[ebuild  N    ] dev-lang/pike-7.6.86  USE="gtk ssl tiff -bzip2 -debug -doc -fftw -gdbm -gif -hardened -jpeg -kerberos -mime -mysql -opengl -pcre -pdf -scanner -sdl -svg -truetype -zlib" 0 kB
Comment 20 Luis Araujo (RETIRED) gentoo-dev 2006-07-11 00:50:20 UTC
(In reply to comment #16)
> Stable on x86.
> 

There existed some sandbox violation problems with this ebuild. I couldn't reproduce it until a few days ago, and now i fixed it in the new revision of the ebuild, please test again and mark stable if possible.

Also, play with the several different use flags combinations, i also fixed a 'doc' useflag problem in this new ebuild, so test hard with this flag enabled.

Thanks.
Comment 21 Luis Araujo (RETIRED) gentoo-dev 2006-07-11 04:19:39 UTC
(In reply to comment #19)
> Breaks for me on ppc:
> 
> Making install in build/linux-2.6.17-ppc
> make[2]: Entering directory
> `/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/build/linux-2.6.17-ppc'
> /var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/lib/modules/_Image.pmod/module.pmod:63:Index
> 'RENDER' not present in module 'GIF'.
> /var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/lib/modules/GTKSupport.pmod/Util.pmod:13:Index
> '_decode' not present in module 'Image'.
> /var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/lib/modules/GTKSupport.pmod/Util.pmod:21:Index
> '_load' not present in module 'Image'.
> /var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/bin/install.pike:954:Error
> looking up 'Util' in module 'GTK'.
> Pike: Failed to compile script:
> Compilation failed.
> 
> master.pike:2656:
>    
> master()->_main(({"/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/build/linux-2.6.17-ppc/pike","-DNOT_INSTALLED","-DPRECO
>     MPILED_SEARCH_MORE",,,14}),({"PVR=7.6.86","STARTDIR=/root",,,172}))
> make[2]: *** [install] Error 10
> make[2]: Leaving directory
> `/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86/build/linux-2.6.17-ppc'
> make[1]: *** [compile] Error 2
> make[1]: Leaving directory `/var/tmp/portage/pike-7.6.86/work/Pike-v7.6.86'
> make: *** [install_nodoc] Error 2
> 
> !!! ERROR: dev-lang/pike-7.6.86 failed.
> Call stack:
>   ebuild.sh, line 1539:   Called dyn_install
>   ebuild.sh, line 1013:   Called src_install
>   pike-7.6.86.ebuild, line 93:   Called die
> 
> 
> [ebuild  N    ] dev-lang/pike-7.6.86  USE="gtk ssl tiff -bzip2 -debug -doc
> -fftw -gdbm -gif -hardened -jpeg -kerberos -mime -mysql -opengl -pcre -pdf
> -scanner -sdl -svg -truetype -zlib" 0 kB
> 

Thanks Tobias,

This was a gtk dependency problem, i already fixed in the latest
revision. Please test again.

note: do as many useflags combinations as you can.
Comment 22 Simon Stelling (RETIRED) gentoo-dev 2006-07-19 09:36:25 UTC
it failed here on amd64 with a strange 'gcc: gdb: No such file or directory' error, but the latest stable fails exactly the same way. Somebody else from the amd64 team please give it a try.

make[5]: Entering directory `/var/tmp/portage/pike-7.6.86-r1/work/Pike-v7.6.86/build/linux-2.6.15-gentoo-r5-x86_64/post_modules/GL'
Compiling /var/tmp/portage/pike-7.6.86-r1/work/Pike-v7.6.86/src/post_modules/GL/top.c
gcc: gdb: No such file or directory
WARNING: Compiler failure! Trying without optimization!
/var/tmp/portage/pike-7.6.86-r1/work/Pike-v7.6.86/build/linux-2.6.15-gentoo-r5-x86_64/pike -DNOT_INSTALLED -DPRECOMPILED_SEARCH_MORE -m/var/tmp/portage/pike-7.6.86-r1/work/Pike-v7.6.86/build/linux-2.6.15-gentoo-r5-x86_64/master.pike  /var/tmp/portage/pike-7.6.86-r1/work/Pike-v7.6.86/src/post_modules/GL/gen.pike < /var/tmp/portage/pike-7.6.86-r1/work/Pike-v7.6.86/src/post_modules/GL/auto.c.in > auto.c
Compiling auto.c
gcc: gdb: No such file or directory
WARNING: Compiler failure! Trying without optimization!
Linking GL
/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.5/../../../../x86_64-pc-linux-gnu/bin/ld: top.o: relocation R_X86_64_32 against `msg_out_of_mem_2' can not be used when making a shared object; recompile with -fPIC
top.o: could not read symbols: Bad value
collect2: ld returned 1 exit status
Linking failed:
/var/tmp/portage/pike-7.6.86-r1/work/Pike-v7.6.86/bin/smartlink gcc -shared  -o module.so top.o auto.o -R/usr/local/lib -L/usr/local/lib -R/usr/local/lib32 -L/usr/local/lib32 -R/usr/local/lib64 -L/usr/local/lib64 -R/usr/X11R6/lib -L/usr/X11R6/lib -R/usr/X11R6/lib32 -L/usr/X11R6/lib32 -R/usr/X11R6/lib64 -L/usr/X11R6/lib64 -lGL -lXext -lX11 -ldl -lrt -lnsl -lm -lpthread -lcrypt /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.5/libgcc.a -lc /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.5/libgcc.a
make[5]: *** [module.so] Error 1

my USE flaggery: 

[ebuild  N    ] dev-lang/pike-7.6.86-r1  USE="debug gtk jpeg opengl pcre sdl ssl 
svg tiff truetype zlib -bzip2 -doc -fftw -gdbm -hardened -kerberos -mime -mysql -pdf -scanner" 0 kB


also, readding x86 as their keyword got lost
Comment 23 Christian Faulhammer (RETIRED) gentoo-dev 2006-07-20 00:01:22 UTC
pike 7.6.86-r1

1) emerges fine, but textrel (see above) still remains
2) still fails on test 317 of tlib/modules/testsuite (see above), but scripts run perfectly
3) passes collision test
Comment 24 Joshua Jackson (RETIRED) gentoo-dev 2006-07-20 20:54:46 UTC
x86 is outta here. ^.^
Comment 25 nixnut (RETIRED) gentoo-dev 2006-07-28 12:36:17 UTC
Pike fails to pass its testsuite here. 

Doing tests in tlib/modules/Calendar.pmod/testsuite (416 tests)
/var/tmp/portage/pike-7.6.86-r1/work/Pike-v7.6.86/lib/modules/Calendar.pmod/test
suite.in:49: Test 30 (shift 0) failed.
  1: mixed a() { return Calendar.parse("%Y-%M-%D %h:%m","2040-11-08 2:46"); }
  2: mixed b() { return Calendar.Minute(2040,11,8,2,46) ; }
  3:            
 
Error: Time is out of range for Timezone.localtime()


FEATURES="test" USE="test tiff bzip2 fftw kerberos mime mysql pdf scanner" emerge pike

Portage 2.1-r1 (default-linux/ppc/ppc32/2006.1/G4, gcc-4.1.1, glibc-2.4-r3, 2.6.
17.4 ppc)       
=================================================================
System uname: 2.6.17.4 ppc 7447A, altivec supported
Gentoo Base System version 1.6.15
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r4
ACCEPT_KEYWORDS="ppc"
AUTOCLEAN="yes"
CBUILD="powerpc-unknown-linux-gnu"
CFLAGS="-O2 -mcpu=G4 -mtune=G4 -maltivec -mabi=altivec -fno-strict-aliasing -pipe"
CHOST="powerpc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo"
CXXFLAGS="-O2 -mcpu=G4 -mtune=G4 -maltivec -mabi=altivec -fno-strict-aliasing -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig confcache distlocks metadata-transfer parallel-fetch sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://ftp.snt.utwente.nl/pub/os/linux/gentoo                  http://pandemonium.tiscali.de/pub/gentoo/                  http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/"
PKGDIR="/usr/portage/packages"
SYNC="rsync://192.168.1.33/gentoo-portage"
USE="X alsa altivec apache2 arts berkdb bitmap-fonts bonobo cairo cdr cli crypt cups divx4linux dlloader dri dvd dvdread eds emboss encode esd flac fortran gdbm gif glitz gnome gpm gstreamer gtk gtkhtml ipv6 isdnlog jpeg kde kdeenablefinal ldap libg++ libwww mad mikmod mozilla mp3 mpeg ncurses network nls nptl nptlonly ogg opengl pam pcre pdflib perl png ppc pppd python qt qt3 quicktime readline reflection ruby sdl session spell spl ssl svg tcpd theora truetype truetype-fonts type1-fonts udev unicode userlocales vorbis xine xml xorg xv xvid zlib elibc_glibc input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux userland_GNU"   
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 26 nixnut (RETIRED) gentoo-dev 2006-07-28 12:44:55 UTC
Uhm, actually it is a bit worse, 9 tests fail.

Failed tests: 9.
Total tests: 150999  (63 tests skipped)
Finished tests at Fri Jul 28 21:26:30 2006
make[2]: *** [verify] Error 9
make[2]: Leaving directory `/var/tmp/portage/pike-7.6.86-r1/work/Pike-v7.6.86/build/linux-2.6.17.4-ppc'
make[1]: *** [compile] Error 2
make[1]: Leaving directory `/var/tmp/portage/pike-7.6.86-r1/work/Pike-v7.6.86'
make: *** [verify] Error 2

Sorry for the bugspam
Comment 27 Simon Stelling (RETIRED) gentoo-dev 2006-07-31 02:38:55 UTC
b33fc0d3 verified it builds, it just fails regarding multilib-strict on amd64, but as the latest stable does so too and it is only cosmetic, i marked it stable anyway, so...

amd64 done
Comment 28 Luis Araujo (RETIRED) gentoo-dev 2006-08-01 04:26:10 UTC
That's fine.

Thanks Simon.
Comment 29 Tobias Scherbaum (RETIRED) gentoo-dev 2006-08-03 12:41:39 UTC
ppc stable
Comment 30 Stefan Cornelius (RETIRED) gentoo-dev 2006-08-03 12:48:08 UTC
weak yes here
Comment 31 Wolf Giesen (RETIRED) gentoo-dev 2006-08-04 02:55:57 UTC
Another weak yes.
Comment 32 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-05 09:51:31 UTC
> Another weak yes.

same
Comment 33 Thierry Carrez (RETIRED) gentoo-dev 2006-08-05 09:54:26 UTC
OK, let's have one.
Comment 34 Sune Kloppenborg Jeppesen gentoo-dev 2006-08-06 12:43:32 UTC
GLSA 200608-10