List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
> I didn't test that patch; even if it's incorrect, bugreport is not about
> a patch. It's about a security issue.
Well, the bug report is about the patch. There's another bug about the
issues with LD_AUDIT: https://bugs.gentoo.org/show_bug.cgi?id=341755
> This proof-of-concept exploit still works in gentoo (amd64 stable at least,
> even hardened!), because some dangerous variables are not filtered out.
It still works because glibc-2.11.2-r2 with the fix is still keyworded
(yeah, epic fail goes on).