Summary: | app-text/tetex < 3.0_p1-r4 Multiple buffer overflows (CVE-2007-0650) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | fauli, hkmaly, p_ansell, rbu, tex |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://issues.rpath.com/browse/RPL-1036 | | |
Whiteboard: | B2 [glsa] Falco | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 182055, 188172 | | |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2007-03-14 12:38:30 UTC
CC'ing herd

not all issues are patched according to https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225491

Fixes for rPath are out.

any news here?

text-markup, any news here?

py, this is maintained by the tex herd in the meantime.

Fixed in app-text/tetex-3.0_p1-r4. Thanks rbu.

Arches, please test and mark stable app-text/tetex-3.0_p1-r4. Target keywords are: "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~x86-fbsd"

py: shouldn't this bug also block bug 188172?

x86 stable and I added a other_bugs as suggested by rbu.

alpha/ia64 stable

ppc64 stable

Stable for HPPA.

During the merging I saw the message:
"/usr/portage/eclass/tetex-3.eclass: line 36: tetex_pkg_setup: command not found"

tetex-3.eclass run the function tetex_pkg_setup which is inherited from tetex.eclass. Problem is that QA remove the whole function as you can see in bug #156213.

Please remove it from tetex-3.eclass (if is no longer needed).

(In reply to comment #14)
> During the merging I saw the message:
> "/usr/portage/eclass/tetex-3.eclass: line 36: tetex_pkg_setup: command not found"
>
> tetex-3.eclass run the function tetex_pkg_setup which is inherited from tetex.eclass. Problem is that QA remove the whole function as you can see in bug #156213.
>
> Please remove it from tetex-3.eclass (if is no longer needed).

This has been reported as bug #191046, too.

ppc stable

(In reply to comment #15)
> (In reply to comment #14)
> > During the merging I saw the message:
> > "/usr/portage/eclass/tetex-3.eclass: line 36: tetex_pkg_setup: command not found"
> >
> > tetex-3.eclass run the function tetex_pkg_setup which is inherited from tetex.eclass. Problem is that QA remove the whole function as you can see in bug #156213.
> >
> > Please remove it from tetex-3.eclass (if is no longer needed).
>
> This has been reported as bug #191046, too.

Any chance to get it solved before marking tetex as stable?

Wrt. bug #189716 (upstream changed the tarball with no bump) thus far two arch maintainers on this bug has stabled the wrong tarball. For the remaining arch teams do make sure to fetch the right tarball before stabilizing.. ;)

(In reply to comment #18)
> For the remaining arch teams do make sure to fetch the right tarball before stabilizing.. ;)

To be more specific. Please make sure your Manifest contains:
DIST tetex-texmf-3.0.tar.gz 91402377 RMD160 a1e87733fa3cbef04e39a690ed8549aeaaddb241 SHA1 1be97f57a26a6e9b72ebfd932e45914a959aff16 SHA256 6c3b8fa619749cbb28ca0f8847e56773d13e0bb92f1ea34287420950373640c2

(In reply to comment #17)
> > bug #191046.
> Any chance to get it solved before marking tetex as stable?

Peper just fixed it.

(In reply to comment #19)
> (In reply to comment #18)
> > For the remaining arch teams do make sure to fetch the right tarball before stabilizing.. ;)
>
> To be more specific. Please make sure your Manifest contains:
> DIST tetex-texmf-3.0.tar.gz 91402377 RMD160 a1e87733fa3cbef04e39a690ed8549aeaaddb241 SHA1 1be97f57a26a6e9b72ebfd932e45914a959aff16 SHA256 6c3b8fa619749cbb28ca0f8847e56773d13e0bb92f1ea34287420950373640c2

Tested the new tarball, works fine.

> (In reply to comment #17)
> > > bug #191046.
> > Any chance to get it solved before marking tetex as stable?
>
> Peper just fixed it.

Thanks, sparc stable.

amd64 stable

Please make sure the manifest is correct when stabilising this bug :) It caused me about 600MB of download that I know of so far re-downloading the file so it does have an impact on users. See bug #189716

All security supported arches done, glsa should be emitted combining this bug with bug 182055 and bug 188172.

(In reply to comment #23)
> All security supported arches done, glsa should be emitted combining this bug with bug 182055 and bug 188172.

I'd also bet on the outcome, but shouldn't there be a vote?

nope, not with B2 ;-)

GLSA 200709-17, thanks everybody and sorry for the delay.

Isn't cstetex (last version - app-text/cstetex-2.0.2-r2) also affected by this bug ?

(In reply to comment #27)
> Isn't cstetex (last version - app-text/cstetex-2.0.2-r2) also affected by this bug ?

Yes, thanks for reporting. See bug 196673.
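
The Manifest check requested in the thread above (size plus digests of the fetched tarball against the DIST entry), as an added example that is not part of the original bug report and is not Portage's own code. The function names are hypothetical, and the sample file in `demo()` is constructed; only `PAGE_DIST_LINE` is taken from the thread.

```python
import hashlib
import tempfile
from pathlib import Path

# Manifest hash names -> hashlib names (RMD160 is unavailable on some OpenSSL builds)
HASHLIB_NAMES = {"RMD160": "ripemd160", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
PAGE_DIST_LINE = (  # DIST entry exactly as quoted in the thread
    "DIST tetex-texmf-3.0.tar.gz 91402377 "
    "RMD160 a1e87733fa3cbef04e39a690ed8549aeaaddb241 "
    "SHA1 1be97f57a26a6e9b72ebfd932e45914a959aff16 "
    "SHA256 6c3b8fa619749cbb28ca0f8847e56773d13e0bb92f1ea34287420950373640c2")

def parse_dist_line(line):
    # 'DIST name size ALGO hex [ALGO hex ...]' -> (name, size, {ALGO: hex})
    f = line.split()
    if len(f) < 5 or f[0] != "DIST" or len(f) % 2 == 0:
        raise ValueError("malformed DIST entry")
    return f[1], int(f[2]), dict(zip(f[3::2], (h.lower() for h in f[4::2])))

def verify_distfile(path, dist_line):
    # Returns {check: 'ok' | 'MISMATCH' | 'skipped'} for the size and each digest.
    _, size, digests = parse_dist_line(dist_line)
    results = {"size": "ok" if Path(path).stat().st_size == size else "MISMATCH"}
    hashers = {}
    for algo in digests:
        try:
            hashers[algo] = hashlib.new(HASHLIB_NAMES[algo])
        except (KeyError, ValueError):
            results[algo] = "skipped"  # unknown or unavailable algorithm
    with open(path, "rb") as fh:  # one pass over the file feeds every digest
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    for algo, h in hashers.items():
        results[algo] = "ok" if h.hexdigest() == digests[algo] else "MISMATCH"
    return results

def is_verified(results):
    # Size must match, at least one digest must match, and nothing may mismatch.
    hashes_ok = [k for k, v in results.items() if k != "size" and v == "ok"]
    return results["size"] == "ok" and bool(hashes_ok) and "MISMATCH" not in results.values()

def demo():
    data = b"constructed sample, not the real tarball\n"
    line = "DIST sample.tar.gz %d SHA256 %s" % (len(data), hashlib.sha256(data).hexdigest())
    with tempfile.TemporaryDirectory() as d:
        p = Path(d, "sample.tar.gz")
        p.write_bytes(data)
        good = verify_distfile(p, line)
        p.write_bytes(data + b"x")  # same file name, changed content, no version bump
        return good, verify_distfile(p, line)
```

To check a real download, call `verify_distfile()` with the path of the fetched `tetex-texmf-3.0.tar.gz` and `PAGE_DIST_LINE`, then pass the result to `is_verified()`.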