Summary: | sys-devel/gettext: tempfile vuln back in 1.4.1 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Luke Macken (RETIRED) <lewk> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | christian.hartmann |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | A3 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Luke Macken (RETIRED)
2005-03-18 05:32:07 UTC
base-system, please advise. Hmm.. this could very well be a dupe of Bug #66355. yes, i do believe it is, but now that we have gettext-0.14.1 unmasked, we need to consider this again i think this is my fault ... the original reason for masking 0.14.1 was due to Bug 66449 and once i resolved that, i unmasked it again, having forgotten about Bug 66355 i need to touch up 0.14.2 a bit before we can consider it for stable (bogues `make check` failures) vapier: any progress ? Ok, trying the other one. SpanKY any progress on this one? 0.14.1-r1 with patch from Bug 66355 and KEYWORDS have been carried forward from 0.14.1 unchanged so we dont need to bother arch maintainers ... Thx SpanKY This one is ready for GLSA, perhaps as an update to GLSA 200410-10? i think an update would be best If I understand correctly: Currently the 200410-10 GLSA says : Vulnerable: <0.12.1-r2 Unaffected: >=0.12.1-r2 and we need to upgrade that GLSA to: Vulnerable: <0.14.1-r1 Unaffected: >=0.14.1-r1 Unaffected: *>=0.12.1-r2 sounds about right Fixed with GLSA 200410-10 Update |