All ebuilds in app-i18n/uim have privilege escalation vulnerability
when you use it with immodule for Qt (if you build >=qt-3.3.2 with
USE="immqt" or USE="immqt-bc" you will get immodule for Qt). This is
fixed in uim-0.4.5.1 and uim-0.4.6_beta2.
usata, are there any setuid/setgid applications in the tree, which are linked against libuim? Otherwise we shouldn't be vulnerable... or am I overlooking something here?
Anyways... accepting bug.
arches, pls test and mark stable...
current KEYWORDS="x86 ~alpha ~ppc ~amd64 ~ppc64 ~sparc"
target KEYWORDS="x86 alpha ppc amd64 ppc64 sparc"
vorlon: I just checked my Gentoo desktop, and
found mlterm (USE="uim") is linked against libuim.
It is setgid to utmp.
stable on ppc64
hppa team: please add ~hppa keyword to uim-0.4.6_beta2.ebuild
as I removed uim-0.4.5-r1. (it was a snapshot from SVN repository)
*** Bug 83165 has been marked as a duplicate of this bug. ***
stable on ppc
This is CAN-2005-0503
Stable on alpha.
seems ready for GLSA, security pls review
removing hppa, cause it has been marked stable without notice
no entry in Changelog! but cvs log gives:
date: 2005/02/24 05:48:29; author: vapier; state: Exp; lines: +9 -10
hppa KEYWORDS for mr bones and misc cleanup
Already stable on hppa