CVE-2009-0489 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0489): The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials.
*** Bug 258483 has been marked as a duplicate of this bug. ***
Already ready. Add arches: amd64 ppc x86 (ppc will need to do bug 258482 first)
Arches, please test and mark stable: =net-misc/wicd-1.5.9 Target keywords : "amd64 ppc x86" ppc: please have a look at bug 258482 first!
*** Bug 253228 has been marked as a duplicate of this bug. ***
=net-misc/wicd-1.5.9-r1 is the new target. Sorry, I overlooked the init script and it is now proper.
amd64/x86 stable
ppc stable
All arches stable. + 26 Feb 2009; Jeremy Olexa <darkside@gentoo.org> + -files/wicd-1.5.2-docs.patch, -wicd-1.5.2.ebuild, -wicd-1.5.4.ebuild, + -wicd-1.5.6.ebuild, -wicd-1.5.7-r1.ebuild, -wicd-1.5.8.ebuild: + remove old ebuilds affected by CVE-2009-0489
Ready to vote, I vote NO.
I vote YES though.
YES, request filed
GLSA 200904-12, thanks everyone.