Summary: | dev-util/aegis<=4.24 symlink attack (CVE-2008-4938) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | flameeyes |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://sourceforge.net/tracker/index.php?func=detail&aid=2079025&group_id=224&atid=100224 | | |
Whiteboard: | B3 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 235770 | | |
Description
Stefan Behte (RETIRED)
2008-11-05 22:01:08 UTC
From #235770:

DEBIAN: http://bugs.debian.org/496402
DEBIAN: http://bugs.debian.org/496400
FILES: bng_dvlpd.sh, bng_rvwd.sh, awt_dvlp.sh, awt_intgrtn.sh, aegis.cgi
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/aegis
CODE: http://dev.gentoo.org/~rbu/security/debiantemp/aegis-web

No maintainer...shall we remove or hardmask it?!

awt_dvlp.sh, awt_intgrtn.sh are addressed in 4.24.1 via http://sourceforge.net/tracker/index.php?func=detail&aid=2079025&group_id=224&atid=100224

aegis.cgi is removed in 4.24.1, a patch would have been here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496400#24

upstream bug for the remaining files: https://sourceforge.net/tracker/?func=detail&aid=2820524&group_id=224&atid=100224

Since I got two bugs open for this package already, should we go looking for somebody to fix this?

Masked for removal

(In reply to comment #5)
> Masked for removal
>

Removed from tree (in light of on-going dev-vcs category moving.)

GLSA: no

NO too, closing.