Summary: | <lxde-base/lxterminal-0.3.1: Insecure use of /tmp for a socket file (CVE-2016-10369) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | charles17 |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | lxde+disabled, pacho |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://blog.lxde.org/2017/10/30/lxterminal-0-3-1-released/ | ||
See Also: | https://github.com/gentoo/gentoo/pull/5362 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
lxde-base/lxterminal-0.3.1
|
Runtime testing required: | --- |
Bug Depends on: | 607838 | ||
Bug Blocks: |
Description
charles17
2017-10-31 09:38:51 UTC
Find updated ebuild in https://github.com/gentoo/gentoo/pull/5362 @maintainer(s), Thank you. after bump, please call for stabilization when ready. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfe2786432826bec81d7685001c3eca663ed1c26 commit bfe2786432826bec81d7685001c3eca663ed1c26 Author: charIes17 <charles17@arcor.de> AuthorDate: 2017-12-13 19:51:53 +0000 Commit: Patrice Clement <monsieurp@gentoo.org> CommitDate: 2018-03-05 21:56:38 +0000 lxde-base/lxterminal: version bump to 0.3.1 (CVE-2016-10369). Bug: https://bugs.gentoo.org/635992 Closes: https://bugs.gentoo.org/607838 Closes: https://bugs.gentoo.org/595904 - Adjusted HOMEPAGE (avoid redirect). - Adjusted tarball from.gz to .xz. - Make repoman happy by re-adding ~arm64. - Add LINGUAS handling. - Add handling of live ebuild. Package-Manager: Portage-2.3.13, Repoman-2.3.3 Closes: https://github.com/gentoo/gentoo/pull/5362 lxde-base/lxterminal/Manifest | 1 + lxde-base/lxterminal/lxterminal-0.3.1.ebuild | 47 ++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+)} amd64 stable ppc stable x86 stable arm stable, all arches done. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e473ad3bc53eabf3a6fb5f45c05dad208974bcb8 commit e473ad3bc53eabf3a6fb5f45c05dad208974bcb8 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-04-08 13:32:27 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-04-08 13:32:27 +0000 lxde-base/lxterminal: drop vulnerable Bug: https://bugs.gentoo.org/635992 Package-Manager: Portage-2.3.28, Repoman-2.3.9 lxde-base/lxterminal/Manifest | 1 - lxde-base/lxterminal/lxterminal-0.1.11.ebuild | 26 -------------------------- 2 files changed, 27 deletions(-)} GLSA Vote: No |