Summary: | <net-im/bitlbee-3.0.5-r1: does not drop groups correctly in unix.c (CVE-2012-1187) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cedk, radhermit, wired |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.bitlbee.org/bitlbee/ticket/852 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-03-21 18:03:16 UTC
This is fixed in bitlbee-3.0.5-r1 (and -r0), already in ~testing. (In reply to comment #1) > This is fixed in bitlbee-3.0.5-r1 (and -r0), already in ~testing. Thanks, Alex. Can we roll forward and stabilize =net-im/bitlbee-3.0.5-r1? (In reply to comment #2) > (In reply to comment #1) > > This is fixed in bitlbee-3.0.5-r1 (and -r0), already in ~testing. > > Thanks, Alex. Can we roll forward and stabilize =net-im/bitlbee-3.0.5-r1? It should be good to go. I've masked the skype use flag across all arches since skype has no stable versions. Great, thank you. Arches, please test and mark stable: =net-im/bitlbee-3.0.5-r1 Target keywords : "amd64 ppc x86" The following keyword changes are necessary to proceed: #required by net-im/bitlbee-3.0.5-r1[skype], required by @selected, required by @world (argument) =dev-python/skype4py-1.0.32.0 ~amd6 how about stabilizing that too ? (In reply to comment #5) > The following keyword changes are necessary to proceed: > #required by net-im/bitlbee-3.0.5-r1[skype], required by @selected, required > by @world (argument) > =dev-python/skype4py-1.0.32.0 ~amd6 > > how about stabilizing that too ? No, because as noted previously the skype use flag is masked and will remain that way since skype dropped its stable keywords. amd64: pass amd64 stable x86 stable ppc stable Thanks, everyone. I think this is about a B3 or B4 level issue. GLSA Vote: no. GLSA vote: no. Closing noglsa. |