Mailinglist Archive: opensuse-security (256 mails)
| < Previous | Next > |
Re: [suse-security] Two vice-1.14 bugs...
- From: Marcus Meissner <meissner@xxxxxxx>
- Date: Fri, 25 Feb 2005 09:39:54 +0100
- Message-id: <20050225083954.GA20834@xxxxxxx>
On Thu, Feb 24, 2005 at 11:26:46PM +0100, pelibali wrote:
> Hi,
>
> While checking the vice-1.14 source rpm coming with SUSE 9.2 I could
> confirm, that two recent (?) patches I looked for are in fact included
> in it. Cited from the changelog:
>
> * Fri Aug 13 2004
> - there seems to be no version update, so fix security bug (bug
> #41976)
>
> * Thu Jul 01 2004
> - fix crash on 64-bit platforms (bug #39808)
>
> Is there a fix scheduled for 9.1 against them or are these two
> again not serious enough ?
None of the vice binaries are setuid/setgid, making this a non-issue.
We decided to fix this only in new released products.
Ciao, Marcus
> Hi,
>
> While checking the vice-1.14 source rpm coming with SUSE 9.2 I could
> confirm, that two recent (?) patches I looked for are in fact included
> in it. Cited from the changelog:
>
> * Fri Aug 13 2004
> - there seems to be no version update, so fix security bug (bug
> #41976)
>
> * Thu Jul 01 2004
> - fix crash on 64-bit platforms (bug #39808)
>
> Is there a fix scheduled for 9.1 against them or are these two
> again not serious enough ?
None of the vice binaries are setuid/setgid, making this a non-issue.
We decided to fix this only in new released products.
Ciao, Marcus
| < Previous | Next > |