[Pkg-gmagick-im-team] Bug#559833: CVE-2009-3736 local privilege escalation

Moritz Muehlenhoff jmm at inutil.org
Tue Mar 2 22:20:17 UTC 2010


On Tue, Mar 02, 2010 at 11:14:50PM +0100, Stefano Zacchiroli wrote:
> On Mon, Dec 07, 2009 at 12:05:22AM -0500, Michael Gilbert wrote:
> > The following CVE (Common Vulnerabilities & Exposures) id was
> > published for libtool.  I have determined that this package embeds a
> > vulnerable copy of the libtool source code.  However, since this is a
> > mass bug filing (due to so many packages embedding libtool), I have
> > not had time to determine whether the vulnerable code is actually
> > present in any of the binary packages. Please determine whether this
> > is the case. If the binary packages are not affected, please feel free
> > to close the bug with a message containing the details of what you did
> > to check.
> 
> I believe this bug report can be closed as false positive. I detail
> below my verifications to that conclusion and I copy the security team
> for insights.

Ack. In the embedded-code-copies file in the Security Tracker we've
marked this as fixed since 6:6.2.3.1-1, so this bug can be closed.

Cheers,
        Moritz





More information about the Pkg-gmagick-im-team mailing list