[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: possible CVE request for rpath issues fixed via slackware updates
From:       cve-assign () mitre ! org
Date:       2013-12-20 3:06:05
Message-ID: 201312200306.rBK365rt015176 () linus ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Some recent slackware updates fixed some rpath issues:
> 
> Both issues possibly due to Slackware using /tmp/ for building (not
> saying they do, just guessing), whereas on Fedora etc, /builddir/ is used.

> llvm: http://www.linuxsecurity.com/content/view/160596?rdf

Use CVE-2013-7171.


> libiodbc: http://seclists.org/bugtraq/2013/Dec/93

Use CVE-2013-7172.


> I do not have any further details, other than the llvm one may be from 2001:
> 
> http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-devel/llvm/files/llvm-3.3-insecure-rpath.patch?view=diff&r1=text&tr1=1.1&r2=text&tr2=1.1&diff_format=f
> 

A "Mon Sep 17 00:00:00 2001" line actually doesn't mean that the patch
occurred in September 2001. That date is hardcoded into the git source
code; see the https://github.com/git/git/blob/master/log-tree.c file.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSs7LEAAoJEKllVAevmvmsWsIH/jSoDTMWpCNGTG+DSn3pmJV4
rJtN6LzJ11LYAZv7R/y4El8/8xH6EphaGUKJGWx/mt/cBa/MmKIout7S6dAZuXfP
NWZh0gCqYnBdrQKP1gjQlGBTaxzmI6IEmtBkXeBx9oqr4KOTrPrg9dcQR2R46HuT
K7G9Jf2EAPBLIgB9wNV5TEJ7N0j24Jr0oVcJELJMumTOs/urIrkQzOKRfxwiLi83
6q/8X3I3mMe+kNcOKkaIcgTOVqI56NCFfLn75aiu3Wypjvd0/5NHaneGHAcSQGOP
1Yet4EvneBcJYJ3SiCQv+iOUv4xzClAXpm34oTp/HM+g13+JcnrEwxn5OdasV2k=
=jWdQ
-----END PGP SIGNATURE-----


[prev in list] [next in list] [prev in thread] [next in thread]