| Field | Value | Field | Value |
|---|---|---|---|
| Summary | <=app-crypt/heimdal-0.6 - Cross-realm trust vulnerability | | |
| Product | Gentoo Security | Reporter | Love <lha> |
| Component | GLSA Errors | Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED | | |
| Severity | blocker | CC | agriffis, base-system |
| Priority | Highest | | |
| Version | unspecified | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Package list | | Runtime testing required | --- |
Description
Love
2004-04-02 05:41:11 UTC
Aron - would you create an ebuild for 0.6.1? Thanks.

heimdal-0.6.1 added to portage as KEYWORDS="~x86 ~sparc ~ppc ~alpha ~ia64 ~amd64 ~hppa ~mips". Every version below 0.6 (currently stable) has been removed from the tree. I don't have krb set up, so I have no way of verifying that this package's runtime environment works. One patch conflicted and seemed unneeded for gcc-3.3.x and was thus commented out.

From reading the .ebuild I fail to understand what this sed statement is doing other than wasting a few CPU cycles. (Maybe it should be sed -i -e)

    sed -i "s:LIB_crypt = @LIB_crypt@:LIB_crypt = -lssl @LIB_crypt@:g" Makefile.in || die

Arch maintainers, please test and mark stable if/when ready. Please try to test/verify the runtime as well if you can.

From the sed info page: "If no `-e', `-f', `--expression', or `--file' options are given on the command-line, then the first non-option argument on the command line is taken to be the SCRIPT to be executed." I prefer to see the -e there myself, but the sed line probably works as intended without the -e.

Marked stable on mips.

arches. plztest.

Marked stable on Alpha.

Stable on amd64

Stable on ppc

Stable on sparc

Mr Bones (thanks)

Still waiting on x86 and a report that the runtime has been tested.

I don't think we're going to get a report on the runtime -- not many individual devs use kerberos for authentication. Also, agriffis hasn't been responsive at all regarding this issue, so I recommend we bump to stable on x86. We've given folks the opportunity to test -- we need to get this security fix out.

pushed to stable on x86.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0371
GLSA 200404-09

"agriffis hasn't been responsive at all regarding this issue, so I recommend we bump to stable on x86"

klieber, I don't use or maintain heimdal. You asked me about it on IRC, I said, yeah, go ahead and bump it since we don't know anybody to test... so I don't understand your comment. :-(

sorry -- came across wrong. that's what I get for trying to respond to bugs too quickly. my apologies.

ia64 stable
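The sed question raised in the thread (whether the ebuild's `sed -i "s:...:g" Makefile.in` needs an explicit `-e`) can be settled by running both forms side by side. The script below is an added example, not code from the bug report or from the heimdal ebuild: the `Makefile.in` content is a constructed two-line sample, and the function names `patch_makefile` and `check_sed_forms` are assumptions chosen for this illustration. It applies the ebuild's substitution once without `-e` and once with `-e`, then checks that the two results are identical and that `-lssl` was inserted, which is what the quoted sed info page text predicts for GNU sed.

```shell
#!/bin/sh
# Added example (not from the bug thread or the heimdal ebuild): run the
# ebuild's sed substitution on a constructed Makefile.in, once as written in
# the ebuild (script as first non-option argument) and once with -e, and
# confirm both forms yield the same file. Requires GNU sed for -i.

# Constructed sample of the relevant Makefile.in lines; not the real heimdal file.
SAMPLE='LIB_crypt = @LIB_crypt@
LIB_foo = @LIB_foo@'

# Write SAMPLE to a temp copy of Makefile.in, apply the substitution in the
# form selected by $1 ("with-e" or anything else for the bare form), and
# print the patched file.
patch_makefile() {
    tmpdir=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE" > "$tmpdir/Makefile.in"
    case "$1" in
        with-e)
            sed -i -e "s:LIB_crypt = @LIB_crypt@:LIB_crypt = -lssl @LIB_crypt@:g" "$tmpdir/Makefile.in" ;;
        *)
            sed -i "s:LIB_crypt = @LIB_crypt@:LIB_crypt = -lssl @LIB_crypt@:g" "$tmpdir/Makefile.in" ;;
    esac || return 1
    cat "$tmpdir/Makefile.in"
    rm -rf "$tmpdir"
}

# Returns 0 when both sed forms agree and the -lssl insertion actually landed
# on the LIB_crypt line; returns 1 otherwise.
check_sed_forms() {
    a=$(patch_makefile without-e) || return 1
    b=$(patch_makefile with-e) || return 1
    [ "$a" = "$b" ] || return 1
    printf '%s\n' "$a" | grep -q '^LIB_crypt = -lssl @LIB_crypt@$'
}

# Stand-alone usage: report whether the two forms are equivalent.
if check_sed_forms; then
    echo "sed with and without -e produce identical output; -lssl inserted"
else
    echo "sed forms differ or substitution failed" >&2
fi
```

The second sample line (`LIB_foo`) is there to confirm the substitution touches only the `LIB_crypt` line; the `|| die` from the ebuild is replaced here by a return code so the helper can be checked from a test.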