Re: possible CVE request for rpath issues fixed via slackware updates

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Some recent slackware updates fixed some rpath issues:
>
> Both issues possibly due to Slackware using /tmp/ for building (not
> saying they do, just guessing), whereas on Fedora etc, /builddir/ is used.

> llvm: http://www.linuxsecurity.com/content/view/160596?rdf

Use CVE-2013-7171.


> libiodbc: http://seclists.org/bugtraq/2013/Dec/93

Use CVE-2013-7172.


> I do not have any further details, other than the llvm one may be from 2001:
>
> http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-devel/llvm/files/llvm-3.3-insecure-rpath.patch?view=diff&r1=text&tr1=1.1&r2=text&tr2=1.1&diff_format=f

A "Mon Sep 17 00:00:00 2001" line actually doesn't mean that the patch
occurred in September 2001. That date is hardcoded into the git source
code; see the https://github.com/git/git/blob/master/log-tree.c file.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSs7LEAAoJEKllVAevmvmsWsIH/jSoDTMWpCNGTG+DSn3pmJV4
rJtN6LzJ11LYAZv7R/y4El8/8xH6EphaGUKJGWx/mt/cBa/MmKIout7S6dAZuXfP
NWZh0gCqYnBdrQKP1gjQlGBTaxzmI6IEmtBkXeBx9oqr4KOTrPrg9dcQR2R46HuT
K7G9Jf2EAPBLIgB9wNV5TEJ7N0j24Jr0oVcJELJMumTOs/urIrkQzOKRfxwiLi83
6q/8X3I3mMe+kNcOKkaIcgTOVqI56NCFfLn75aiu3Wypjvd0/5NHaneGHAcSQGOP
1Yet4EvneBcJYJ3SiCQv+iOUv4xzClAXpm34oTp/HM+g13+JcnrEwxn5OdasV2k=
=jWdQ
-----END PGP SIGNATURE-----