| Summary: | <media-libs/raptor-2.0.7 : RDF XML External Entity Processing Information Disclosure Vulnerability (CVE-2012-0037) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | sound |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/48479/ | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2012-03-23 09:45:39 UTC

2.0.7 in Portage now but it's more than a security fix. Upstream removed support for libexpat in favour of libxml2. Upstream removed internal unicode support in favour of external ICU libraries. So be careful when testing and test reverse dependencies too!

Test & stabilize: =media-libs/raptor-2.0.7 "amd64 arm hppa ppc ppc64 x86"

Stable for HPPA.

hmmm I wonder
archtester raptor # scanelf -n /usr/lib64/libraptor2.so
TYPE NEEDED FILE
ET_DYN libcurl.so.4,libldap-2.4.so.2,librt.so.1,libssl.so.1.0.0,libcrypto.so.1.0.0,libicuuc.so.48,libxslt.so.1,libxml2.so.2,libz.so.1,libm.so.6,libyajl.so.1,libc.so.6 /usr/lib64/libraptor2.so
libcrypto && libz again. I think it was decided zlib was in system.
archtester raptor # qfile libcrypto.so.1.0.0
dev-libs/openssl (/usr/lib64/libcrypto.so.1.0.0)
ok net-misc/curl pulls in openssl
archtester raptor # ebuild raptor-2.0.7.ebuild clean test
>>> Source compiled.
>>> Test phase [none]: media-libs/raptor-2.0.7
amd64 all ok

amd64 stable

x86 stable, thanks.

arm stable

- ppc/ppc64 stable, all arches done
- removed USE=rss from net-irc/eiwic in order to remove SLOT=0 of media-libs/raptor, not sure if this was vulnerable or not

Thanks all. security, please vote.

GLSA Vote: no.

GLSA vote: no.

Closing noglsa