oss-sec mailing list archives
possible CVE request for rpath issues fixed via slackware updates
From: Murray McAllister <mmcallis () redhat com>
Date: Thu, 19 Dec 2013 16:08:06 +1100
Hello, Some recent slackware updates fixed some rpath issues: llvm: http://www.linuxsecurity.com/content/view/160596?rdf libiodbc: http://seclists.org/bugtraq/2013/Dec/93 I do not have any further details, other than the llvm one may be from 2001: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-devel/llvm/files/llvm-3.3-insecure-rpath.patch?view=diff&r1=text&tr1=1.1&r2=text&tr2=1.1&diff_format=f Both issues possibly due to Slackware using /tmp/ for building (not saying they do, just guessing), whereas on Fedora etc, /builddir/ is used. Are CVEs needed (if not already assigned)? Thanks, -- Murray McAllister / Red Hat Security Response Team
Current thread:
- possible CVE request for rpath issues fixed via slackware updates Murray McAllister (Dec 18)
- Re: possible CVE request for rpath issues fixed via slackware updates cve-assign (Dec 19)