Have fun...
This is CVE-2009-3736.
# Samuli Suominen <ssuominen@gentoo.org> (03 Mar 2010) # Masked for QA, security # # After over an year of no word from maintainers # # Internal copy of vuln. libltdl, CVE-2009-3736 # # Masked for removal in 60 days app-shells/pdsh
Fixed in Debian, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560892 Patch is included in, http://ftp.de.debian.org/debian/pool/main/p/pdsh/pdsh_2.18-6.debian.tar.gz Pretty much, --- src/pdsh/Makefile.am +++ src/pdsh/Makefile.am @@ -14,8 +14,7 @@ MODULE_LIBS = $(top_builddir)/src/modules/libmods.la else MODULE_FLAGS = -export-dynamic $(AIX_PDSH_LDFLAGS) -LTDL_FILES = ltdl.h ltdl.c -LTDL_LDADD = $(LIBADD_DL) +LTDL_LDADD = $(LIBADD_DL) -lltdl endif pdsh_LDADD = $(READLINE_LIBS) $(LTDL_LDADD) @@ -25,7 +24,7 @@ pdsh_inst_LDADD = $(pdsh_LDADD) pdsh_inst_LDFLAGS = $(pdsh_LDFLAGS) -pdsh_SOURCES = $(PDSH_SOURCES) $(LTDL_FILES) +pdsh_SOURCES = $(PDSH_SOURCES) pdsh_inst_SOURCES = $(pdsh_SOURCES) nodist_pdsh_SOURCES = testconfig.c nodist_pdsh_inst_SOURCES = config.c In case anyone is intrested in saving the package.
+*pdsh-2.18-r1 (06 Apr 2010) + + 06 Apr 2010; Justin Bronder <jsbronder@gentoo.org> +pdsh-2.18-r1.ebuild, + +files/pdsh-2.18-unbundle-libtool.patch: + Unbundle libtool and bump EAPI. Thanks to ssuominen for tracking down the + patch. + Do we need a stable bug for the new rev?
(In reply to comment #4) > +*pdsh-2.18-r1 (06 Apr 2010) > + > + 06 Apr 2010; Justin Bronder <jsbronder@gentoo.org> +pdsh-2.18-r1.ebuild, > + +files/pdsh-2.18-unbundle-libtool.patch: > + Unbundle libtool and bump EAPI. Thanks to ssuominen for tracking down the > + patch. > + > > > Do we need a stable bug for the new rev? > Yep, please unmask and get it stabilized like normal security bug (although I think this bug will work just as fine for that). Thanks for applying the patch!
Archs please mark app-shells/pdsh-2.18-r1 stable. Note that the testsuite is buggy and RESTRICT'ed. Thanks.
Tested on x86, looks good.
x86 stable, thanks Andreas