Summary: | <media-sound/rhythmbox-0.12.8-r1: Insecure temporary file usage (CVE-2012-3355) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugzilla.redhat.com/show_bug.cgi?id=835076 https://bugzilla.gnome.org/show_bug.cgi?id=678661 |
||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2012-07-20 16:56:41 UTC
=media-plugins/rhythmbox-3.0.1 is stable in-tree, so if possible =media-sound/rhythmbox-0.12.8-r1 should be removed as it is affected. The only issue is rhythmbox-equalizer depends on 0.12.8 specifically, so if 0.12.8-r1 is removed, rhythmbox-equalizer-0.1.ebuild should be updated to accept any version of rhythmbox. vulnerable versions were dropped time ago rhythmbox-3.0.1 fixes this, stabilized in bug #478252 vulnerable versions removed LONG ago as previous comment states. Please proceed with a GLSA or closure. vulnerable versions removed LONG ago as previous comment states. Please proceed with a GLSA or closure. |