CVE-2011-2193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2193): Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff.
2.4.14 and 2.5.6 are both in the tree, both can be considered for stable as CR probably isn't going to fix 2.3.
(In reply to comment #1)
> 2.4.14 and 2.5.6 are both in the tree, both can be considered for stable as CR probably isn't going to fix 2.3.
Thanks, Justin. Can we move forward? And which version should we target?
(In reply to comment #2)
> (In reply to comment #1)
> > 2.4.14 and 2.5.6 are both in the tree, both can be considered for stable as CR probably isn't going to fix 2.3.
> Thanks, Justin. Can we move forward? And which version should we target?
I'd suggest 2.4.14.
Ok, tnx. Arches, please test and mark stable:
=sys-cluster/torque-2.4.14
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
amd64: texlive-basic-2008-r1 has done it again, still, does not emerge. Subsequently can't emerge with use-doc
emerges with USE="crypt syslog cpusets -doc drmaa server tk" emerge -1 torque
amd64 ok
(In reply to comment #5)
> texlive-basic-2008-r1 has done it again, still, does not emerge. Subsequently can't emerge with use-doc
Ian, I've also hit this bug #369883... The solution is to rebuild dev-texlive/texlive-latex-2008-r2. Everything looks fine here on x86 with =sys-cluster/torque-2.4.14, apart from a revdep, but that is not a regression as of bug #328549.
Stable for HPPA.
amd64 stable
x86 stable, thanks Andreas
alpha/ia64/sparc stable
ppc64 done
ppc stable, last arch done
Thanks, folks. GLSA request filed.
All vulnerable versions gone, GLSA issued?
This issue was resolved and addressed in GLSA 201412-47 at http://security.gentoo.org/glsa/glsa-201412-47.xml by GLSA coordinator Yury German (BlueKnight).