Summary: | app-admin/sysstat-5.0.2 version bump [ due to security issues ] | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Daniel Webert <rockoo> |
Component: | New packages | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Daniel Webert
2004-03-19 13:12:50 UTC
Sparc, PPC, and AMD64 teams: Can you please mark this stable on your architectures since there seems to be a security bug related with this: http://www.securityfocus.com/bid/9844/info/ - Thanks! Stable on sparc. in portage PPC people still need to unmask this. This needs a nudge since this is a security issue and the PPC people haven't yet marked this as stable. Thanks... finally bumped stable on ppc. Thanks Pylon. Should we issue a GLSA for this or not - this seems to be a issue with an insecure /tmp symlink vulnerability? Yes, It allows overwriting files with the id of the user running the isag command (theorically, not root). I am not sure a GLSA is needed, but there was a RHSA and a DSA on the subject : https://rhn.redhat.com/errata/RHSA-2004-093.html http://www.debian.org/security/2004/dsa-460 If we do a GLSA, we should do it quickly :) -K GLSA 200404-04 |