Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 419375 (CVE-2012-2653) - <net-analyzer/arpwatch-2.1.15-r8 Insufficient drop of privileges (CVE-2012-2653)
Summary: <net-analyzer/arpwatch-2.1.15-r8 Insufficient drop of privileges (CVE-2012-2653)
Status: RESOLVED FIXED
Alias: CVE-2012-2653
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-06-02 16:39 UTC by Michael Weber (RETIRED)
Modified: 2016-07-20 12:06 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Weber (RETIRED) gentoo-dev 2012-06-02 16:39:04 UTC
I just took a look at the patchset 
mirror://gentoo/arpwatch-patchset-0.5.tbz2
and i think the mentioned code lines are in 

/var/tmp/portage/net-analyzer/arpwatch-2.1.15-r6/work/arpwatch-patchset/08_all_arpwatch-2.1a15-drop-priveleges.patch
Comment 1 Michael Weber (RETIRED) gentoo-dev 2012-06-02 16:41:02 UTC
Personally debian gave me the hint:
http://lists.debian.org/debian-security-announce/2012/msg00121.html
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-02-21 06:35:55 UTC
Previous comments have proper link to other distro patches.  Maintainer/project please bump with appropriate patch.  No rdeps present so this is a candidate for tree cleaning.
Comment 3 Jeroen Roovers gentoo-dev 2016-02-21 07:18:17 UTC
Arch teams, please test and mark stable:
=net-analyzer/arpwatch-2.1.15-r8
Targeted stable KEYWORDS : amd64 hppa ppc sparc x86
Comment 4 Jeroen Roovers gentoo-dev 2016-02-22 06:01:47 UTC
Stable for HPPA.
Comment 5 Agostino Sarubbo gentoo-dev 2016-03-02 13:59:24 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2016-03-15 16:40:33 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-03-16 12:04:25 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2016-03-19 11:36:55 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 9 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-03-19 12:55:32 UTC
GLSA request opened.
Comment 10 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-03-24 06:58:07 UTC
@maintainer, still pending cleanup.  Please let us know when complete or if you are unable to.  Thanks.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2016-07-20 12:06:20 UTC
This issue was resolved and addressed in
 GLSA 201607-16 at https://security.gentoo.org/glsa/201607-16
by GLSA coordinator Aaron Bauman (b-man).