Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 645208

Summary: <=sys-auth/fprintd-0.5.1 potentially contains solved security bugs solved by upstream
Product: Gentoo Security Reporter: Tim Mohlmann <muhlemmer>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://cgit.freedesktop.org/libfprint/fprintd/log/
Whiteboard:
Package list:
Runtime testing required: ---

Description Tim Mohlmann 2018-01-21 06:58:58 UTC 
In upstream changelog, a number of security bugs are solved after 0.5.1 release. I'm not sure the impact, it was just something I noticed. Attached the link to upstream change log. Below the concerned commits:

pam: Fix eventfd leak:
https://cgit.freedesktop.org/libfprint/fprintd/commit/?id=7e4630ced2be4b7ecdfb9d60cfe0e0d3de594411

main: Plug tiny memory leak:
https://cgit.freedesktop.org/libfprint/fprintd/commit/?id=8fa3dcd5cd6f4841ae5e9789dde5c9daf302dd51

data: Stop privilege escalations in daemon:
https://cgit.freedesktop.org/libfprint/fprintd/commit/?id=6494efa94e5bb27f235ed758bba971c2d609ea2f

Latest stable version in tree: 0.5.0, released by upstream 2013-03-05
Latest available version upstream: 0.8.0, released 2017-09-13
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-02-21 23:53:16 UTC 
No reported issues are vulnerabilities. Feel free to file a normal stabilization request.