Bug 250476 (CVE-2008-5371)

Comment 1 Stefan Behte (RETIRED) 2009-03-22 19:02:04 UTC

I asked Marc, if he is getting this fixed, and he replied:


Sorry Craig, I do not have time to make changes on my OSS projects anymore, therefore I released the tool as OSS.

thanks
Marc 



Debian has a patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509332#10

Ali, can you have a look at this?

Comment 2 Alex Legler (RETIRED) 2009-06-08 16:19:12 UTC

Arches, please test and mark stable:
=app-misc/screenie-1.30.0-r1
Target keywords : "amd64 hppa ia64 sparc x86"


+*screenie-1.30.0-r1 (08 Jun 2009)
+
+  08 Jun 2009; Alex Legler <a3li@gentoo.org> +screenie-1.30.0-r1.ebuild,
+  +files/screenie-CVE-2008-5371.patch:
+  Non-maintainer commit: Applying patch for CVE-2008-5371, bug 250476.
+

Comment 3 Ferris McCormick (RETIRED) 2009-06-08 17:01:41 UTC

Sparc stable.

Comment 4 Christian Faulhammer (RETIRED) 2009-06-08 19:07:27 UTC

x86 stable

Comment 5 Jeroen Roovers (RETIRED) 2009-06-08 21:13:45 UTC

Stable for HPPA.

Comment 6 Raúl Porcel (RETIRED) 2009-06-09 14:39:44 UTC

ia64 stable

Comment 7 Markus Meier 2009-06-10 19:04:15 UTC

amd64 stable, all arches done.

Comment 8 Alex Legler (RETIRED) 2009-06-10 19:44:08 UTC

Vulnerable version removed.

GLSA voting, please.
As the Debian Symlink vulnerabilities usually got a GLSA, I vote YES.

Comment 9 Stefan Behte (RETIRED) 2009-06-12 22:09:29 UTC

Yes, too. Request filed.

Comment 10 Alex Legler (RETIRED) 2009-09-09 13:34:58 UTC

GLSA 200909-09