From $URL: Related to CVE-2011-0997 ipconfig vulnerability for malicious dhcpd if $DNSDOMAIN is later used unquoted, than proof of concept involves DNSDOMAIN="\\\"\$(echo owned; touch /tmp/owned)" fix: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=46a0f831582629612f0ff9707ad1292887f26bff will be part of the just to be released klibc-1.5.22
@kernel-misc, can we go ahead with stabilization of dev-libs/klibc-1.5.23 ?
Ping?
Maintainer timeout, quick test reveals no breakages in stable. Arches, please test and mark stable =dev-libs/klibc-1.5.23 Target keywords: amd64 ppc x86
(In reply to Sergey Popov from comment #3) > Maintainer timeout, quick test reveals no breakages in stable. > > Arches, please test and mark stable =dev-libs/klibc-1.5.23 > > Target keywords: amd64 ppc x86 Speaking for kernel-misc, just stabilize the latest 1.5* version, =dev-libs/klibc-1.5.25
amd64 stable
(In reply to Agostino Sarubbo from comment #5) > amd64 stable (In reply to Tim Harder from comment #4) [..] > Speaking for kernel-misc, just stabilize the latest 1.5* version, > =dev-libs/klibc-1.5.25 klibc-1.5.23 went stable, while 1.5.25 was the target. can you please stabilize it also on amd64?
x86 done, thanks
marked ~ppc
Thanks for your work New GLSA request filed
@maintainers: please clean affected versions.
Affected versions removed.
This issue was resolved and addressed in GLSA 201309-21 at http://security.gentoo.org/glsa/glsa-201309-21.xml by GLSA coordinator Chris Reffett (creffett).