[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: possible CVE request for rpath issues fixed via slackware updates
From: cve-assign () mitre ! org
Date: 2013-12-20 3:06:05
Message-ID: 201312200306.rBK365rt015176 () linus ! mitre ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Some recent slackware updates fixed some rpath issues:
>
> Both issues possibly due to Slackware using /tmp/ for building (not
> saying they do, just guessing), whereas on Fedora etc, /builddir/ is used.
> llvm: http://www.linuxsecurity.com/content/view/160596?rdf
Use CVE-2013-7171.
> libiodbc: http://seclists.org/bugtraq/2013/Dec/93
Use CVE-2013-7172.
> I do not have any further details, other than the llvm one may be from 2001:
>
> http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-devel/llvm/files/llvm-3.3-insecure-rpath.patch?view=diff&r1=text&tr1=1.1&r2=text&tr2=1.1&diff_format=f
>
A "Mon Sep 17 00:00:00 2001" line actually doesn't mean that the patch
occurred in September 2001. That date is hardcoded into the git source
code; see the https://github.com/git/git/blob/master/log-tree.c file.
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
iQEcBAEBAgAGBQJSs7LEAAoJEKllVAevmvmsWsIH/jSoDTMWpCNGTG+DSn3pmJV4
rJtN6LzJ11LYAZv7R/y4El8/8xH6EphaGUKJGWx/mt/cBa/MmKIout7S6dAZuXfP
NWZh0gCqYnBdrQKP1gjQlGBTaxzmI6IEmtBkXeBx9oqr4KOTrPrg9dcQR2R46HuT
K7G9Jf2EAPBLIgB9wNV5TEJ7N0j24Jr0oVcJELJMumTOs/urIrkQzOKRfxwiLi83
6q/8X3I3mMe+kNcOKkaIcgTOVqI56NCFfLn75aiu3Wypjvd0/5NHaneGHAcSQGOP
1Yet4EvneBcJYJ3SiCQv+iOUv4xzClAXpm34oTp/HM+g13+JcnrEwxn5OdasV2k=
=jWdQ
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic