From sarg ChangeLog ( http://sarg.sourceforge.net/sarg.ChangeLog.txt ): ========================================================================= security issues can be exploited to execute arbitrary code when sarg is used with malicious input files. The vulnerability within the processing of the useragent.log is rather critical, as this can be exploited by passing a long user agent string when browsing via a squid proxy. the manipulated GET request in the access log would not be accepted by squid, so that file has to be specially crafted. Thank you to L4teral l4teral AT gmail.com ========================================================================= Arch teams, please be aware that previous version of sarg was full different crash problems and it never hit portage...
Arches, please test and mark stable: =net-analyzer/sarg-2.2.4 Target keywords : "amd64 ppc release x86"
x86 stable
ppc stable
amd64 stable
Fixed in release snapshot.
request filed.
GLSA 200803-21, thanks to everybody