Bug 112213 (CVE-2005-2929) - www-client/lynx: arbitrary command execution via lynxcgi (CVE-2005-2929)
Summary: www-client/lynx: arbitrary command execution via lynxcgi (CVE-2005-2929)
Alias: CVE-2005-2929
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: A2 [stable]
Reported: 2005-11-11 11:48 UTC by Tavis Ormandy (RETIRED)
Modified: 2008-10-21 14:25 UTC (History)

lynx-2.8.6_pre15.ebuild (lynx-2.8.6_pre15.ebuild,1.98 KB, text/plain)
2005-11-11 22:09 UTC, solar (RETIRED)
ppc-macos changes (patch,640 bytes, patch)
2005-11-12 13:51 UTC, Fabian Groffen

Description Tavis Ormandy (RETIRED) gentoo-dev 2005-11-11 11:48:42 UTC
dmwaters, please bump to 2.8.6dev.15 asap.
Comment 1 solar (RETIRED) gentoo-dev 2005-11-11 22:09:30 UTC
Created attachment 72720

Here are the changes I had to make in my local tree for this bug.
Comment 2 Fabian Groffen gentoo-dev 2005-11-12 12:44:50 UTC
adding ppc-macos to check the patch. ppc-macos keyword is dropped in the patch.
Comment 3 Fabian Groffen gentoo-dev 2005-11-12 13:51:04 UTC
Created attachment 72774
ppc-macos changes

Applying the above patch to the lynx-2.8.6_pre15.ebuild file cleans up the
darwin/osx mess. This new version seems to compile and work fine for ppc-macos
without additional tweaks. I tested, and hence added back the ~ppc-macos
Comment 4 Seemant Kulleen (RETIRED) gentoo-dev 2005-11-12 17:46:26 UTC
arch teams -- please test lynx-2.8.5-r2 and mark stable
Comment 5 Seemant Kulleen (RETIRED) gentoo-dev 2005-11-12 17:47:10 UTC
Fabian -- please make sure ppc-macos is ok with 2.8.5-r2 as well
Comment 6 solar (RETIRED) gentoo-dev 2005-11-12 18:23:29 UTC
silly seemant you asked for arch testing but forgot to ~arch the keywords. 
I reverted those for you and the arches right quick. I also tested on x86 and it 
looks pretty good so I left it in stable.
Comment 7 Brent Baude (RETIRED) gentoo-dev 2005-11-12 18:45:35 UTC
ppc64 stable
Comment 8 Jason Wever (RETIRED) gentoo-dev 2005-11-12 18:49:24 UTC
Stable on SPARC
Comment 9 Homer Parker (RETIRED) gentoo-dev 2005-11-12 19:13:30 UTC
amd64 done
Comment 10 Fabian Groffen gentoo-dev 2005-11-13 02:26:14 UTC
(In reply to comment #5)
> Fabian -- please make sure ppc-macos is ok with 2.8.5-r2 as well

At your service!

marked 2.8.5-r2 stable and made darwin patch unconditional (getting rid of the
conditional in the ebuild)

Comment 11 Fernando J. Pereda (RETIRED) gentoo-dev 2005-11-13 03:47:40 UTC
Alpha happy
Comment 12 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-11-13 03:55:21 UTC
Stable on ppc, hppa.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2005-11-13 09:24:15 UTC
GLSA 200511-09
arm, ia64, mips, s390 should mark stable to benefit from GLSA
Comment 14 Seemant Kulleen (RETIRED) gentoo-dev 2005-11-15 11:40:45 UTC
ia64 and mips, please do mark stable
Comment 15 Hardave Riar (RETIRED) gentoo-dev 2005-11-20 01:42:18 UTC
Stable on mips.