Bug 329125 (CVE-2010-2056) - <app-text/gv-3.7.1: Symlink attack (CVE-2010-2056)
Status: RESOLVED FIXED
Alias: CVE-2010-2056
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Reported: 2010-07-20 14:53 UTC by Samuli Suominen (RETIRED)
Modified: 2014-12-12 00:33 UTC
Description Samuli Suominen (RETIRED) gentoo-dev 2010-07-20 14:53:44 UTC
please do
Comment 1 Dane Smith (RETIRED) gentoo-dev 2010-07-20 19:11:08 UTC
Tested on x86. Good to go.
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2010-07-20 21:57:36 UTC
stable x86, thanks Thomas
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2010-07-21 19:47:35 UTC
amd64/ppc64 done
Comment 4 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-08-10 15:06:03 UTC
CVE-2010-2056 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2056):
  GNU gv before 3.7.0 allows local users to overwrite arbitrary files
  via a symlink attack on a temporary file.

Comment 5 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-08-10 15:07:20 UTC
Hijacking the bug...
Arches, please go on with stabilizing the package.
Comment 6 Joe Jezak (RETIRED) gentoo-dev 2010-08-11 22:36:08 UTC
Marked ppc stable.
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2010-08-14 16:06:40 UTC
alpha/sparc stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2010-08-16 02:23:50 UTC
Stable for HPPA.
Comment 9 Samuli Suominen (RETIRED) gentoo-dev 2010-08-16 02:42:54 UTC
all arch's done & vuln. version removed
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-22 22:56:55 UTC
Vote: YES.
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2010-10-08 21:36:52 UTC
GLSA Vote: Yes too, request filed.
Comment 12 Andreas K. Hüttel archtester gentoo-dev 2011-06-03 21:32:42 UTC
No vulnerable version in tree anymore. 
Nothing left to do for printing.
Comment 13 Sean Amoss (RETIRED) gentoo-dev Security 2014-12-12 00:33:49 UTC
This issue was resolved and addressed in
 GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml
by GLSA coordinator Sean Amoss (ackle).