| Summary: | <x11-misc/slim-1.3.2: Insecure PATH Assignment (CVE-2010-2945) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://svn.berlios.de/wsvn/slim?op=comp&compare[]=/@170&compare[]=/@171 | | |
| Whiteboard: | B4 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Tim Sammut (RETIRED)
2010-08-20 17:40:12 UTC
Gentoo Version 1.3.1_p20091114:
default_path ./:/bin:/usr/bin:/usr/local/bin

Gentoo Version 1.3.2:
default_path /bin:/usr/bin:/usr/local/bin

My ACK for stablereq, proceed at security team's discretion since it hasn't been the normal 30 days.

Keywords: slim-1.3.1_p20091114[0]: amd64 ppc ppc64 sparc x86
Keywords: slim-1.3.2[0]: ~amd64 ~ppc ~ppc64 ~sparc ~x86

Arches, please test and mark stable:
=x11-misc/slim-1.3.2-r1
Target keywords : "amd64 ppc ppc64 sparc x86"

amd64 done

x86 stable

ppc64 done

Marked ppc stable.

sparc stable, closing

Reopening, sorry

my job done, removing

(In reply to comment #9)
> my job done, removing
>

I see some vulnerable ebuilds in the tree to be removed.

GLSA vote: YES

(In reply to comment #10)
> (In reply to comment #9)
> > my job done, removing
> >
>
> I see some vulnerable ebuilds in the tree to be removed.

already done.

+*slim-1.3.2-r2 (20 Sep 2010) + + 20 Sep 2010; Jeremy Olexa <darkside@gentoo.org> + -slim-1.3.1_p20091114.ebuild, -files/slim-1.3.1-config.diff, + -files/slim-1.3.1-gcc4.4.patch, -slim-1.3.2.ebuild, +slim-1.3.2-r2.ebuild, + -files/slim-1.3.2-config.diff, +files/slim-1.3.2-r2-config.diff, + +files/Xsession: + Revbump to vastly improve the session handling. Work done by Ian + Stakenvicius in bug 334111. Also remove old and cleanup.

GLSA Vote: Yes, request filed.

The oldest version of x11-misc/slim currently in the tree is 1.3.5-r4.
Shouldn't this bug be closed?

Denis.

(In reply to Denis Dupeyron from comment #13)
> The oldest version of x11-misc/slim currently in the tree is 1.3.5-r4.
> Shouldn't this bug be closed?
>
> Denis.

No, we have no glsa released.

This issue was resolved and addressed in GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml by GLSA coordinator Sean Amoss (ackle).
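
A check for the difference between the two `default_path` values quoted in the description, as an added example (not code from SLiM or Gentoo): it audits a slim.conf-style `default_path` line for entries that a command lookup would resolve against the current directory. The function names and the sample configs are constructed for illustration, and the `key value` line format with `#` comment lines is an assumption based on the values shown above.

```python
# Added example: audit a slim.conf-style default_path for cwd-relative entries.
# Assumes "key<whitespace>value" lines, with '#' starting a comment line.

# Constructed samples using the two default_path values quoted in the description.
VULNERABLE_CONF = "# constructed sample\ndefault_path        ./:/bin:/usr/bin:/usr/local/bin\n"
FIXED_CONF = "default_path        /bin:/usr/bin:/usr/local/bin\n"


def audit_path(value):
    """Return (entry, reason) pairs for entries a lookup resolves against the cwd."""
    findings = []
    for entry in value.split(":"):
        if entry == "":
            # POSIX: a zero-length PATH element means the current directory.
            findings.append((entry, "empty entry is the current directory"))
        elif not entry.startswith("/"):
            findings.append((entry, "relative entry is resolved against the current directory"))
    return findings


def audit_slim_conf(text, key="default_path"):
    """Return (line_number, entry, reason) for every unsafe entry under `key`."""
    results = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comment lines
        parts = line.split(None, 1)
        if parts[0] != key:
            continue
        value = parts[1].strip() if len(parts) > 1 else ""
        for entry, reason in audit_path(value):
            results.append((lineno, entry, reason))
    return results


if __name__ == "__main__":
    for name, conf in (("1.3.1_p20091114", VULNERABLE_CONF), ("1.3.2", FIXED_CONF)):
        hits = audit_slim_conf(conf)
        print(name, "OK" if not hits else hits)
```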