Gentoo Archives: gentoo-security

From: Pavel Labushev <p.labushev@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] #342619 RESOLVED WONTFIX
Date: Thu, 28 Oct 2010 02:13:35
Message-Id: 4CC8D077.7040605@gmail.com
In Reply to: Re: [gentoo-security] #342619 RESOLVED WONTFIX by dev-random@mail.ru
> I didn't test that patch; even if it's incorrect, bugreport is not about > a patch. It's about a security issue.
Well, the bug report is about the patch. There's another bug about the issues with LD_AUDIT: https://bugs.gentoo.org/show_bug.cgi?id=341755
> This proof-of-concept exploit still works in gentoo (amd64 stable at least, > even hardened!), because some dangerous variables are not filtered out.
It still works because glibc-2.11.2-r2 with the fix is still keyworded (yeah, epic fail goes on).

Replies

Subject Author
Re: [gentoo-security] #342619 RESOLVED WONTFIX Mateusz Arkadiusz Mierzwinski <mateuszmierzwinski@×××××.com>