Bug 419375 (CVE-2012-2653)

Summary: <net-analyzer/arpwatch-2.1.15-r8 Insufficient drop of privileges (CVE-2012-2653)
Product: Gentoo Security
Reporter: Michael Weber (RETIRED) <xmw>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major
CC: netmon, pva
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=825328
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---

Description Michael Weber (RETIRED) gentoo-dev 2012-06-02 16:39:04 UTC
I just took a look at the patchset 
mirror://gentoo/arpwatch-patchset-0.5.tbz2
and I think the mentioned code lines are in 

/var/tmp/portage/net-analyzer/arpwatch-2.1.15-r6/work/arpwatch-patchset/08_all_arpwatch-2.1a15-drop-priveleges.patch
Comment 1 Michael Weber (RETIRED) gentoo-dev 2012-06-02 16:41:02 UTC
Personally, Debian gave me the hint:
http://lists.debian.org/debian-security-announce/2012/msg00121.html
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-02-21 06:35:55 UTC
Previous comments have proper links to other distro patches. Maintainer/project please bump with appropriate patch. No rdeps present so this is a candidate for tree cleaning.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2016-02-21 07:18:17 UTC
Arch teams, please test and mark stable:
=net-analyzer/arpwatch-2.1.15-r8
Targeted stable KEYWORDS : amd64 hppa ppc sparc x86
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2016-02-22 06:01:47 UTC
Stable for HPPA.
Comment 5 Agostino Sarubbo gentoo-dev 2016-03-02 13:59:24 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2016-03-15 16:40:33 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-03-16 12:04:25 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2016-03-19 11:36:55 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2016-03-19 12:55:32 UTC
GLSA request opened.
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2016-03-24 06:58:07 UTC
@maintainer, still pending cleanup.  Please let us know when complete or if you are unable to.  Thanks.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2016-07-20 12:06:20 UTC
This issue was resolved and addressed in
 GLSA 201607-16 at https://security.gentoo.org/glsa/201607-16
by GLSA coordinator Aaron Bauman (b-man).