Summary: | games-simulation/secondlife-bin Login mechanism data disclosure (CVE-2007-{4960,4961}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | enhancement | CC: | gbugs, lavajoe |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.gnucitizen.org/blog/ie-pwns-secondlife | ||
Whiteboard: | ~4 [upstream?] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-12-01 13:54:22 UTC
According to both Secunia and OSVDB these issues seem to be unfixed. I did not confirm this myself, but it might be worthwhile to check or contact upstream for a statement. Joe: toei.rei@stargazer.at is listed in metadata.xml, but does not have a bugzilla account. 1) LL Bug in their tracker: http://jira.secondlife.com/browse/VWR-2508 2) As we don't 'dobin' the register_secondlifeprotocol.sh script, so it doesn't get executed and we don't handle the secondlife:// protocol Hi, take a look at comment #2 - I think this can be closed. ok, closing as invalid then. |