419375 – (CVE-2012-2653) <net-analyzer/arpwatch-2.1.15-r8 Insufficient drop of privileges (CVE-2012-2653)

Bug 419375 (CVE-2012-2653) - <net-analyzer/arpwatch-2.1.15-r8 Insufficient drop of privileges (CVE-2012-2653)

Summary: <net-analyzer/arpwatch-2.1.15-r8 Insufficient drop of privileges (CVE-2012-2653)

Status:	RESOLVED FIXED

Alias:	CVE-2012-2653

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B1 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2012-06-02 16:39 UTC by Michael Weber (RETIRED)
Modified:	2016-07-20 12:06 UTC (History)
CC List:	2 users (show)

See Also:	https://bugzilla.redhat.com/show_bug.cgi?id=825328
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Weber (RETIRED) gentoo-dev

2012-06-02 16:39:04 UTC

I just took a look at the patchset 
mirror://gentoo/arpwatch-patchset-0.5.tbz2
and i think the mentioned code lines are in 

/var/tmp/portage/net-analyzer/arpwatch-2.1.15-r6/work/arpwatch-patchset/08_all_arpwatch-2.1a15-drop-priveleges.patch

Comment 1 Michael Weber (RETIRED) gentoo-dev

2012-06-02 16:41:02 UTC

Personally debian gave me the hint:
http://lists.debian.org/debian-security-announce/2012/msg00121.html

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2016-02-21 06:35:55 UTC

Previous comments have proper link to other distro patches.  Maintainer/project please bump with appropriate patch.  No rdeps present so this is a candidate for tree cleaning.

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2016-02-21 07:18:17 UTC

Arch teams, please test and mark stable:
=net-analyzer/arpwatch-2.1.15-r8
Targeted stable KEYWORDS : amd64 hppa ppc sparc x86

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2016-02-22 06:01:47 UTC

Stable for HPPA.

Comment 5 Agostino Sarubbo gentoo-dev

2016-03-02 13:59:24 UTC

amd64 stable

Comment 6 Agostino Sarubbo gentoo-dev

2016-03-15 16:40:33 UTC

x86 stable

Comment 7 Agostino Sarubbo gentoo-dev

2016-03-16 12:04:25 UTC

ppc stable

Comment 8 Agostino Sarubbo gentoo-dev

2016-03-19 11:36:55 UTC

sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 9 Aaron Bauman (RETIRED) gentoo-dev

2016-03-19 12:55:32 UTC

GLSA request opened.

Comment 10 Aaron Bauman (RETIRED) gentoo-dev

2016-03-24 06:58:07 UTC

@maintainer, still pending cleanup.  Please let us know when complete or if you are unable to.  Thanks.

Comment 11 GLSAMaker/CVETool Bot gentoo-dev

2016-07-20 12:06:20 UTC

This issue was resolved and addressed in
 GLSA 201607-16 at https://security.gentoo.org/glsa/201607-16
by GLSA coordinator Aaron Bauman (b-man).