CVE-2005-4790 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-4790): Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam.
This bug is for blam. I'll attach a patch for this, please coordinate the inclusion upstream and apply in the ebuild.
Created attachment 136557 [details, diff] blam-CVE-2005-4790-insecure-ldpath.patch
any news here?
Maintainers, please apply the attached patch. Otherwise we will have to bump the package ourselves or apply a p.mask.
Created attachment 140433 [details, diff] blam-CVE-2005-4790-insecure-ldpath.patch The patch above was a wrong file, sorry.
*blam-1.8.4 (08 Jan 2008) 08 Jan 2008; Robert Buchholz <rbu@gentoo.org> -files/blam-1.6.0-gecko-fix.diff, -files/blam-1.6.1-mono-1.1.7-compat.diff, -files/blam-1.6.1-mono-1.1.7-compat-v2.diff, -files/blam-1.8.2-64-bit-int.diff, -files/blam-1.8.2-mono-1.1.17-fix.diff, -files/blam-1.8.2-seamonkey.patch, +blam-1.8.4.ebuild: Version bump by security for untrusted search path vulnerability (CVE-2005-4790, bug #199841). Cleaning up old patches.
Arches, please test and mark stable net-news/blam-1.8.4. Target keywords : "amd64 ppc x86"
*** Bug 187283 has been marked as a duplicate of this bug. ***
x86 stable
amd64 done.
ppc stable
GLSA request filed.
GLSA 200801-14.