The route manager in FlightGear is able to overwrite arbitrary files that a user has write access to, which can lead to possible code execution. A CVE has been requested for this issue but is not yet assigned. This issue supposedly affects any version of FlightGear released after 2009 and includes versions 3.4.0 and 2016.3.1 which are available in the Gentoo repo.
An upstream patch is available at https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/log/
More information is available via the Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848114
Reproducible: Didn't try
@ Arches, please test and mark stable:
=games-simulation/flightgear-2016.4.4
=games-simulation/flightgear-data-2016.4.4
An automated check of this bug failed - repoman reported dependency errors (49 lines truncated):
> dependency.bad games-simulation/flightgear/flightgear-2016.4.4.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['~dev-games/simgear-2016.4.4']
> dependency.bad games-simulation/flightgear/flightgear-2016.4.4.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['~dev-games/simgear-2016.4.4']
> dependency.bad games-simulation/flightgear/flightgear-2016.4.4.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['~dev-games/simgear-2016.4.4']
@ Arches, please also stabilize required =dev-games/simgear-2016.4.4
Please re-CC arches when the dependent build failure is fixed.
(In reply to Aaron Bauman from comment #4)
> Please re-CC arches when the dependent build failure is fixed.
@ Arches, please try again.
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
commit d57e2633cf40bec897c0baa75b9cb58225caa2f2
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Sat Jan 14 02:32:57 2017
    dev-games/simgear: Security cleanup (bug #602658).
    Package-Manager: Portage-2.3.3, Repoman-2.3.1
commit ef2f2cb70285466776f4dd10718fb0851956c31c
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Sat Jan 14 02:30:52 2017
    games-simulation/flightgear-data: Security cleanup (bug #602658).
    Package-Manager: Portage-2.3.3, Repoman-2.3.1
commit 8170f20931e723b17be2916cefbcccf71691706d
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Sat Jan 14 02:29:44 2017
    games-simulation/flightgear: Security cleanup (bug #602658).
    Package-Manager: Portage-2.3.3, Repoman-2.3.1
GLSA Vote: No
Repository is clean, all done.