Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 85770

Summary: games-puzzle/ltris-1.0.10 Local as-another-user exec
Product: Gentoo Security Reporter: Klaus S. Madsen <gentoo>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: games
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2? [glsa]
Package list:
Runtime testing required: ---

Description Klaus S. Madsen 2005-03-18 06:01:34 UTC
1.0.10 is available, which fixes a security issue also. See http://lgames.sourceforge.net/index.php?action=show_news&news_action=show_item&item_id=108
for more information.

The ebuild for 1.0.7 works when renamed to the new version.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-03-18 07:57:46 UTC
This allows executing code under other local game user uid, I suppose.
games, please bump
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2005-03-18 09:26:11 UTC
ltris-1.0.10 added to portage.  The old versions were removed.

You can do your security thing as you like...
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-03-18 10:13:38 UTC
Marked stable on all arches by maintainer.
Ready for GLSA, severity=Normal I would say
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-03-20 12:35:53 UTC
Klaus, thx for the notification.

GLSA 200503-24