247958 – net-analyzer/rtg-0.7.4 has internal copies of gd-1.8.4, cgilib-0.4, zlib-1.1.4 and libpng-1.2.1

Bug 247958 - net-analyzer/rtg-0.7.4 has internal copies of gd-1.8.4, cgilib-0.4, zlib-1.1.4 and libpng-1.2.1

Summary: net-analyzer/rtg-0.7.4 has internal copies of gd-1.8.4, cgilib-0.4, zlib-1.1....

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	bundled-libs
	Show dependency tree

Reported:	2008-11-21 13:02 UTC by Diego Elio Pettenò (RETIRED)
Modified:	2009-04-17 09:35 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Diego Elio Pettenò (RETIRED) gentoo-dev

2008-11-21 13:02:03 UTC

I don't even want to count out the possible security vulnerabilities.

Who wants to have fun?

Comment 1 Tobias Scherbaum (RETIRED) gentoo-dev

2009-01-11 10:16:36 UTC

package.masked, will be removed in 30 days.

bundles *very* outdated versions of gd, zlib and libpng libraries, static links, upstream seems dead, removal in 30 days. bug #247958 and bug #251425

Comment 2 Jeremy Olexa (darkside) (RETIRED) archtester

2009-04-17 04:19:27 UTC

treecleaners removed this since it was long enough and definitely heading out.

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2009-04-17 09:35:50 UTC

The libraries were only used to generate the statistics, so input should be considered trusted. It's for the better that the thing is gone, but does not warrant involvement of Security such as a GLSA.