http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0080 The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0080 to this issue. This seems to affect only older ebuilds. Maybe we should mask them or remove them. I didn't find any reference that newer versions might be affected, regards, Tobias W. Reproducible: Always Steps to Reproduce:
looks like amd64 may be affected by this. all other arches have >= 2.12 marked as stable. amd64 -- can you see if >=2.12 can be marked stable?
Done.
It should be noted that login is usually installed from pam-login unless the pam USE flag is disabled. btw here's the GLSA draft for review: https://dev.gentoo.org/glsamaker/frame-view.php?id=29e61f37c42a2430a67cace8d6d36e89
GLSA on its way, changing product
GLSA sent.