Summary: | <net-misc/smb4k-1.1.1: potential credentials cache leak (CVE-2014-2581) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Frank Krömmelbein <kroemmelbein> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Frank Krömmelbein
2014-03-22 19:47:37 UTC
The new version works for me. Upstream changed source archiv to tar.xz So the following small patch is neccesary: --- smb4k-1.1.0.ebuild 2014-01-07 20:34:47.000000000 +0100 +++ smb4k-1.1.1.ebuild 2014-03-22 20:41:44.122210840 +0100 @@ -13,7 +13,7 @@ DESCRIPTION="The advanced network neighborhood browser for KDE" HOMEPAGE="http://sourceforge.net/projects/smb4k/" -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz" LICENSE="GPL-2" SLOT="4" Thank you for reporting. This is bumped in cvs now. + + 23 Mar 2014; Johannes Huber <johu@gentoo.org> +smb4k-1.1.1.ebuild: + Version bump wrt bug #505376. + Arches please stabilize =net-misc/smb4k-1.1.1 Apparently cruid is used to set the uid of the owner of the credentials cache. amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. + 23 Mar 2014; Michael Palimaka <kensington@gentoo.org> -smb4k-1.0.9.ebuild, + -smb4k-1.1.0.ebuild: + Remove old. GLSA vote: no GLSA Vote: No No GLSA - Closing Bug as Resolved |