Summary: | =media-tv/mythtv-0.27_p20140321: root privilege escalation via init script | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Orlitzky <mjo> |
Component: | Auditing | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | cardoe, proxy-maint, security-audit, thebitpit |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=540006 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Michael Orlitzky
2016-12-22 18:32:43 UTC
Sorry about that, didn't notice I was still listed on the project page. I'm going to un-CC from this as I haven't touched mythtv in a while. Depending on cardoe's activity level somebody else may need to stabilize this. I haven't used MythTV since at least April and no longer have it installed as well. I'll remove myself from the project page as well. It looks like this is just waiting on x86 to stabilize it or be dropped. They never responded on #573250 and once they do we can remove the vulnerable versions. The affected version has been removed from the tree, so this is fixed. It wouldn't hurt to kill "mythbackend.init" too, but nothing is using it right now. Unrestricting and reassigning to security@ per bug #705894 unrestricting per bug 705894 (In reply to Michael Orlitzky from comment #3) > The affected version has been removed from the tree, so this is fixed. It > wouldn't hurt to kill "mythbackend.init" too, but nothing is using it right > now. @proxy maintainer, see if this is applicable still and apply accordingly. I'm going to close this as the tree is clean but still investigate if it's useful. |