See URL for more details Reproducible: Always Steps to Reproduce: 1. 2. 3.
libnids-1.18 added to portage. This version adds new functionality. We now compile libnids as a shared object vs just static .a A full revdep-rebuild will need to be preformed on all binarys that had previously linked to the libnids.a in order to get the old exploitable code off your system completely.
this presents a problem ... 1.16 and earlier use libnet-1.0 while 1.17 and later use libnet-1.1 ... there are apps out there that still use libnet-1.0 and probably wont change ... i dont know how many out there need this older libnids though ... there are at least one or two ... so here is what i think we should do: package.mask libnids below 1.18 package.mask everything that needs libnids 1.16 or earlier then we are left with a choice ... leave the packages mask indefinitely or try to backport the fix to 1.16 ...
<net-libs/libnids-1.18 is now package masked. net-analyzer/dsniff looks like the only package that depends on net-libs/libnids. I'm not going to mask that one.. but as it stands now dsniff can not be built as long as it continues to have the RDEP of ( >=net-libs/libnids-1.16-r1 <net-libs/libnids-1.17 )
please mask dsniff or fix do something about libnids < 1.17 because it makes a broken dep in portage...
dsniff is now masked. My vote is for removal of dsniff from portage.
GLSA sent should we close it?
changing resolution to FIXED