Related to CVE-2011-0997
ipconfig vulnerability for malicious dhcpd if $DNSDOMAIN is later
used unquoted, than proof of concept involves
DNSDOMAIN="\\\"\$(echo owned; touch /tmp/owned)"
will be part of the just to be released klibc-1.5.22
@kernel-misc, can we go ahead with stabilization of dev-libs/klibc-1.5.23 ?
Maintainer timeout, quick test reveals no breakages in stable.
Arches, please test and mark stable =dev-libs/klibc-1.5.23
Target keywords: amd64 ppc x86
(In reply to Sergey Popov from comment #3)
> Maintainer timeout, quick test reveals no breakages in stable.
> Arches, please test and mark stable =dev-libs/klibc-1.5.23
> Target keywords: amd64 ppc x86
Speaking for kernel-misc, just stabilize the latest 1.5* version,
(In reply to Agostino Sarubbo from comment #5)
> amd64 stable
(In reply to Tim Harder from comment #4)
> Speaking for kernel-misc, just stabilize the latest 1.5* version,
klibc-1.5.23 went stable, while 1.5.25 was the target. can you please stabilize it also on amd64?
x86 done, thanks
Thanks for your work
New GLSA request filed
@maintainers: please clean affected versions.
Affected versions removed.
This issue was resolved and addressed in
GLSA 201309-21 at http://security.gentoo.org/glsa/glsa-201309-21.xml
by GLSA coordinator Chris Reffett (creffett).