oss-sec mailing list archives
Re: possible CVE request for rpath issues fixed via slackware updates
From: cve-assign () mitre org
Date: Thu, 19 Dec 2013 22:06:05 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Some recent slackware updates fixed some rpath issues: Both issues possibly due to Slackware using /tmp/ for building (not saying they do, just guessing), whereas on Fedora etc, /builddir/ is used.
llvm: http://www.linuxsecurity.com/content/view/160596?rdf
Use CVE-2013-7171.
libiodbc: http://seclists.org/bugtraq/2013/Dec/93
Use CVE-2013-7172.
I do not have any further details, other than the llvm one may be from 2001: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-devel/llvm/files/llvm-3.3-insecure-rpath.patch?view=diff&r1=text&tr1=1.1&r2=text&tr2=1.1&diff_format=f
A "Mon Sep 17 00:00:00 2001" line actually doesn't mean that the patch occurred in September 2001. That date is hardcoded into the git source code; see the https://github.com/git/git/blob/master/log-tree.c file. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJSs7LEAAoJEKllVAevmvmsWsIH/jSoDTMWpCNGTG+DSn3pmJV4 rJtN6LzJ11LYAZv7R/y4El8/8xH6EphaGUKJGWx/mt/cBa/MmKIout7S6dAZuXfP NWZh0gCqYnBdrQKP1gjQlGBTaxzmI6IEmtBkXeBx9oqr4KOTrPrg9dcQR2R46HuT K7G9Jf2EAPBLIgB9wNV5TEJ7N0j24Jr0oVcJELJMumTOs/urIrkQzOKRfxwiLi83 6q/8X3I3mMe+kNcOKkaIcgTOVqI56NCFfLn75aiu3Wypjvd0/5NHaneGHAcSQGOP 1Yet4EvneBcJYJ3SiCQv+iOUv4xzClAXpm34oTp/HM+g13+JcnrEwxn5OdasV2k= =jWdQ -----END PGP SIGNATURE-----
Current thread:
- possible CVE request for rpath issues fixed via slackware updates Murray McAllister (Dec 18)
- Re: possible CVE request for rpath issues fixed via slackware updates cve-assign (Dec 19)