Bug 252403

Summary:	<games-arcade/emilia-pinball-0.3.1-r1: bundles its own copy of libltdl
Product:	Gentoo Security	Reporter:	Diego Elio Pettenò (RETIRED) <flameeyes>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	esigra, games
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	251464

Description Diego Elio Pettenò (RETIRED) gentoo-dev

2008-12-24 15:57:15 UTC

Should be better to check if it can use the system copy.

Comment 1 Samuli Suominen (RETIRED) gentoo-dev

2010-03-05 18:42:47 UTC

+*emilia-pinball-0.3.1-r1 (05 Mar 2010)
+
+  05 Mar 2010; Samuli Suominen <ssuominen@gentoo.org>
+  +emilia-pinball-0.3.1-r1.ebuild,
+  +files/emilia-pinball-0.3.1-libtool.patch:
+  Use system libltdl wrt #252403, thanks to Diego E. 'Flameeyes' Pettenò
+  for reporting.

@security: This is CVE-2009-3736.

Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2010-03-06 12:26:54 UTC

x86 stable

Comment 3 Markus Meier gentoo-dev

2010-03-06 13:53:01 UTC

amd64 stable

Comment 4 Joe Jezak (RETIRED) gentoo-dev

2010-03-09 22:31:21 UTC

Marked ppc stable.

Comment 5 Raúl Porcel (RETIRED) gentoo-dev

2010-04-13 18:03:36 UTC

alpha keyword dropped

Comment 6 Samuli Suominen (RETIRED) gentoo-dev

2010-04-13 18:07:37 UTC

all arches done

Comment 7 Tim Sammut (RETIRED) gentoo-dev

2010-11-19 19:13:07 UTC

GLSA Vote: No, binary planting attack against a game.

Comment 8 Stefan Behte (RETIRED) gentoo-dev

2010-11-21 16:20:12 UTC

Closing noglsa.