Summary: | kde-base/kdelibs Kate backup file permission leak (CAN-2005-1920) | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> | ||||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||||
Status: | RESOLVED FIXED | ||||||||||
Severity: | minor | CC: | kde | ||||||||
Priority: | High | ||||||||||
Version: | unspecified | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
URL: | http://www.kde.org/info/security/advisory-20050718-1.txt | ||||||||||
Whiteboard: | A4 [noglsa] jaervosz | ||||||||||
Package list: | Runtime testing required: | --- | |||||||||
Attachments: |
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-07-11 22:36:38 UTC
Created attachment 63200 [details, diff]
post-3.4.0-kdelibs-kate.diff
Carlo/Caleb if you want to release this at the coordinated date please attach an updated ebuild to this bug. Otherwise we'll start the normal procedure when it goes public as this seems to be a minor issue. If you provide an updated ebuild please do NOT commit anything to the tree. > If you provide an updated ebuild please do NOT commit anything to the tree.
Huh? I hope committing Jul 18 00:00:00 CEST is o.k., or what do we have to wait
for!?
Imho it should suffice if we fix KDE 3.3, who is still using KDE 3.2 is asked to
upgrade. If you don't think so Caleb, please raise your voice. :)
Carlo if you provide an updated ebuild before the 18th please do not commit it but instead attach it to this bug and we will call individual arch testers (This is the steps we call preebuild and prestable). Otherwise we could wait and just start stable marking on the 18th as this issue seems minor. On the 18th you can commit after we see the official KDE announcement, which is probably not at 00:00:00 UTC Created attachment 63659 [details]
post-3.3.2-kdelibs-kate.diff
Created attachment 63660 [details]
kdelibs-3.3.2-r10.ebuild
Carlo/Caleb please also provide an updated ebuild for 3.4. When you see the official announcement you can commit and comment on this bug. KDE 3.4.1 is not affected. Carlo please commit the updated ebuild. I'll open the bug shortly/open new public one. KDE/Patchers please commit the updated ebuild. <<< kdelibs-3.3.2-r10.ebuild herds, would you mark stable, please!? :) stable on ppc64 ppc stable sparc-a-go-go Stable on mips. Stable on hppa Stable on amd64. Stable on alpha. Stable on ia64. This one is ready for GLSA decision. I vote NO. Also vote NO. Two NO votes -> Closing with NO GLSA. Feel free to reopen if you disagree. |