Five vulnerabilities deemed "critical" have been addressed in PostgreSQL. The fixed version are 8.2.6, 8.1.11, 8.0.15, 7.4.19, 7.3.21. Ergo, all versions currently in portage are affected and need to be updated. The following text is reproduced from the announcement: Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as "expression indexes". This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed. Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067, CVE-2007-4769): three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. All of these issues have been patched. DBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle (see CVE-2007-3278), but that patch failed to close all forms of the loophole.
Thanks for the report. Postgresql herd, please advise.
*** Bug 205111 has been marked as a duplicate of this bug. ***
Created attachment 140829 [details] postgresql 8.2.6 and libpq 8.2.6 ebuild patch conf and init files I started off using the 8.2.5 ebuilds from postgresql-testing and changed the SRC_URI to only use postgresql-8.2.6.tar.bz2 as file. worked for me.
(In reply to comment #3) > Created an attachment (id=140829) [edit] > postgresql 8.2.6 and libpq 8.2.6 ebuild patch conf and init files > I started off using the 8.2.5 ebuilds from postgresql-testing and changed the > SRC_URI to only use postgresql-8.2.6.tar.bz2 as file. worked for me. Thanks for the ebuilds. I am testing and working on committing them now.
The 8.2.6 ebuilds are now committed. I'll try to work on bumping the other versions tomorrow - our stable target should be 8.0.15; I'll post to this bug when that's committed. Thanks, Marty.
8.0.15 ebuilds are now committed. Based on what we've got in the tree now, the 7.4 and 7.3 branches should also be stable targets. I'll get going on those, and finally 8.1. 7.4 and 7.3 should be committed today - hopefully 8.1 too, if I can get it done (my dev box is old and slow). Meanwhile, arches can start with 8.0.15. Thanks, Marty.
7.4.19 ebuilds committed. Thanks, Marty
Thx Martin. Since this is pretty serious I'm calling arches to start testing before all branches are fixed. Target keywords sofar are: postgresql-7.4.19.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86" postgresql-8.0.15.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"
>>> Unpacking postgresql-7.4.19.tar.bz2 to /var/tmp/portage/dev-db/libpq-7.4.19/work * Applying libpq-7.4.19-gentoo.patch ... * Failed Patch: libpq-7.4.19-gentoo.patch ! * ( /usr/portage/dev-db/libpq/files/libpq-7.4.19-gentoo.patch ) * * Include in your bugreport the contents of: * * /var/tmp/portage/dev-db/libpq-7.4.19/temp/libpq-7.4.19-gentoo.patch-30816.out * * ERROR: dev-db/libpq-7.4.19 failed. * Call stack: * ebuild.sh, line 1701: Called dyn_unpack * ebuild.sh, line 817: Called qa_call 'src_unpack' * ebuild.sh, line 44: Called src_unpack * libpq-7.4.19.ebuild, line 44: Called epatch '/usr/portage/dev-db/libpq/files/libpq-7.4.19-gentoo.patch' * eutils.eclass, line 304: Called die * The specific snippet of code: * die "Failed Patch: ${patchname}!" * The die message: * Failed Patch: libpq-7.4.19-gentoo.patch! (8.0.15 applies without problems)
Commits for 8.1.11 and 7.3.21 are now done. 7.3.21 is the stable target for that branch. Also, upstream has advised that 7.3.21 will be the last upstream release of the 7.3 branch. Thanks, Marty. I'll take a look at the 7.4.19 problem.
The libpq problem had to do with me not adding the files with -ko. It also affected 7.3.21. Fixes for both are committed now. Thanks, Marty
~dev-db/libpq-8.1.11 seems to be missing - I can't commit postgresql stable (on x86). repoman is complaining... and btw, all patches apply fine now.
stable on x86, on behalf of maekke...libpq 8.1.11 is missing and "Ebuild has redundant cd ${S} statement on line:" Check your repoman output.
7.3.21 ppc64 stable now. Will wait on db/libpq-8.1.11 to complete the db side too.
Grr...sorry about 8.1.11. I don't know how I missed that. It's committed now, and I fixed the unquoted errors in the 7.4 libpq ebuilds. Once keywording has settled, I'll fix the rest of the repoman warnings.
Is it true that 8.1* is not a stabilisation target? Even if it were, with 8.1.11 in the tree, 8.1.9 could now be removed safely (i.e. without upsetting anyone).
dev-db/libpq-7.4.19 USE="nls pam readline ssl zlib -kerberos" dev-db/postgresql-7.4.19 USE="doc nls pam python readline ssl test zlib -kerberos -perl -pg-intdatetime (-selinux) -tcl -xml" * Emerges on AMD64. * Test phase enabled. * Works. - - Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r3 x86_64) ================================================================= System uname: 2.6.23-gentoo-r3 x86_64 AMD Turion(tm) 64 X2 Mobile Technology TL-56 Timestamp of tree: Mon, 14 Jan 2008 13:30:01 +0000 distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] app-shells/bash: 3.2_p17-r1 dev-java/java-config: 1.3.7, 2.0.33-r1 dev-lang/python: 2.4.4-r6 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.10-r5 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.23-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -Os -msse3 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=k8 -Os -msse3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://213.186.33.38/gentoo-distfiles/ http://213.186.33.37/gentoo-distfiles/" LANG="C" LC_ALL="C" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X a52 aac acpi alsa amd64 amr amrnb amrwb bash-completion berkdb bitmap-fonts branding bzip2 cairo cli cracklib crypt cups dbus divx doc dvd dvdr emerald ffmpeg firefox flac fortran gd gdbm gif glade glib glitz gtk gtkspell hal hddtemp iconv insecure-savers isdnlog javascript jpeg jpeg2k kqemu libcaca libnotify midi mmx mmxext mp2 mp3 mp4 mpeg mplayer mudflap musicbrainz mysql ncurses nls nptl nptlonly offensive ogg opengl openmp pam pcre png pppd python quicktime readline realmedia reflection samba sdl session smp spell spl sse sse2 ssl stream svg syslog taglib tcpd threads truetype truetype-fonts type1 type1-fonts unicode v4l v4l2 vhosts vim-syntax vorbis wmp xcomposite xorg xosd xpm xscreensaver xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev synaptics joystick" KERNEL="linux" LCD_DEVICES="xosd" USERLAND="GNU" VIDEO_CARDS="nv nvidia none" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
All three stable for HPPA.
Here's the keyword situation: (vulnerable) -> (not vulnerable) 7.3.19 ( arch) -> 7.3.21 7.4.17 ( arch) -> 7.4.19 8.0.13 ( arch) -> 8.0.15 8.1.9 (~arch) -> 8.1.11 8.2.4-r1 (~arch) -> 8.2.6 Stable targets for all arches are: =dev-db/postgresql-7.3.21 =dev-db/postgresql-7.4.19 =dev-db/postgresql-8.0.15 (and their corresponding libpq's)
Ok, I *think* ppc64 is cool now. Readd if not.
alpha/ia64/sparc stable
Created attachment 141001 [details] postgresql-7.3.21-build.log Thanks Robert, that clarified things a lot. dev-db/libpq-7.3.21 USE="nls pam readline ssl zlib -kerberos -pg-intdatetime%" dev-db/postgresql-7.3.21 USE="doc nls pam python readline ssl test zlib -kerberos -perl -pg-intdatetime (-selinux) -tcl -xml" * Test phase enabled. * Failed to emerge.. (build.log attached) >>> Completed installing postgresql-7.3.21 into /var/tmp/portage/dev-db/postgresql-7.3.21/image/ ecompressdir: bzip2 -9 usr/share/man strip: x86_64-pc-linux-gnu-strip --strip-unneeded -R .comment (...) usr/lib64/postgresql/timetravel.so usr/lib64/postgresql/string_io.so usr/lib64/postgresql/tablefunc.so usr/lib64/postgresql/tsearch.so usr/lib64/postgresql/user_locks.so usr/lib64/libecpg.so.3.4.1 usr/lib/python2.4/site-packages/_pgmodule.so usr/lib64/libecpg.a * QA Notice: Package has poor programming practices which may compile * fine but exhibit random runtime failures. * query.c:239: warning: implicit declaration of function 'tolower' Files matching a file type that is not allowed: usr/lib/python2.4/site-packages/_pgmodule.so * * ERROR: dev-db/postgresql-7.3.21 failed. * Call stack: * misc-functions.sh, line 576: Called install_qa_check * misc-functions.sh, line 352: Called die * The specific snippet of code: * [[ ${abort} == yes ]] && die "multilib-strict check failed!" * The die message: * multilib-strict check failed! - - Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r3 x86_64) ================================================================= System uname: 2.6.23-gentoo-r3 x86_64 AMD Turion(tm) 64 X2 Mobile Technology TL-56 Timestamp of tree: Mon, 14 Jan 2008 13:30:01 +0000 distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] app-shells/bash: 3.2_p17-r1 dev-java/java-config: 1.3.7, 2.0.33-r1 dev-lang/python: 2.4.4-r6 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.10-r5 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.23-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -Os -msse3 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=k8 -Os -msse3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://213.186.33.38/gentoo-distfiles/ http://213.186.33.37/gentoo-distfiles/" LANG="C" LC_ALL="C" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X a52 aac acpi alsa amd64 amr amrnb amrwb bash-completion berkdb bitmap-fonts branding bzip2 cairo cli cracklib crypt cups dbus divx doc dvd dvdr emerald ffmpeg firefox flac fortran gd gdbm gif glade glib glitz gtk gtkspell hal hddtemp iconv insecure-savers isdnlog javascript jpeg jpeg2k kqemu libcaca libnotify midi mmx mmxext mp2 mp3 mp4 mpeg mplayer mudflap musicbrainz mysql ncurses nls nptl nptlonly offensive ogg opengl openmp pam pcre png pppd python quicktime readline realmedia reflection samba sdl session smp spell spl sse sse2 ssl stream svg syslog taglib tcpd threads truetype truetype-fonts type1 type1-fonts unicode v4l v4l2 vhosts vim-syntax vorbis wmp xcomposite xorg xosd xpm xscreensaver xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev synaptics joystick" KERNEL="linux" LCD_DEVICES="xosd" USERLAND="GNU" VIDEO_CARDS="nv nvidia none" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
dev-db/libpq-8.0.15 USE="nls pam readline ssl threads zlib -kerberos -pg-intdatetime" dev-db/postgresql-8.0.15 USE="doc nls pam python readline ssl test zlib -kerberos -perl -pg-intdatetime (-selinux) -tcl -xml" * Emerges on AMD64. * Test phase enabled. * Works. - - Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r3 x86_64) ================================================================= System uname: 2.6.23-gentoo-r3 x86_64 AMD Turion(tm) 64 X2 Mobile Technology TL-56 Timestamp of tree: Mon, 14 Jan 2008 13:30:01 +0000 distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] app-shells/bash: 3.2_p17-r1 dev-java/java-config: 1.3.7, 2.0.33-r1 dev-lang/python: 2.4.4-r6 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.10-r5 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.23-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -Os -msse3 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=k8 -Os -msse3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://213.186.33.38/gentoo-distfiles/ http://213.186.33.37/gentoo-distfiles/" LANG="C" LC_ALL="C" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X a52 aac acpi alsa amd64 amr amrnb amrwb bash-completion berkdb bitmap-fonts branding bzip2 cairo cli cracklib crypt cups dbus divx doc dvd dvdr emerald ffmpeg firefox flac fortran gd gdbm gif glade glib glitz gtk gtkspell hal hddtemp iconv insecure-savers isdnlog javascript jpeg jpeg2k kqemu libcaca libnotify midi mmx mmxext mp2 mp3 mp4 mpeg mplayer mudflap musicbrainz mysql ncurses nls nptl nptlonly offensive ogg opengl openmp pam pcre png pppd python quicktime readline realmedia reflection samba sdl session smp spell spl sse sse2 ssl stream svg syslog taglib tcpd threads truetype truetype-fonts type1 type1-fonts unicode v4l v4l2 vhosts vim-syntax vorbis wmp xcomposite xorg xosd xpm xscreensaver xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev synaptics joystick" KERNEL="linux" LCD_DEVICES="xosd" USERLAND="GNU" VIDEO_CARDS="nv nvidia none" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
(In reply to comment #22) Adding the following line to the ebuild fixes the multilib failure: sed -i -e "s/\/lib\/python/\/$(get_libdir)\/python/" configure
ppc stable
(In reply to comment #24) > (In reply to comment #22) > Adding the following line to the ebuild fixes the multilib failure: > sed -i -e "s/\/lib\/python/\/$(get_libdir)\/python/" configure OK, this patch is committed to the 7.3.21 ebuild. I don't have an AMD64 to test on, but it compiled cleanly on my x86. I've also removed 8.1.9 and 8.2.4, since they're vulnerable and not stable targets for this exercise.
amd64 all done.
I lied. Missed out 7.4, but that's just been fixed.
All arches are fine, GLSA request filed.
and glsa 200801-15 sent, thanks everyone