ubuntu-translations-coordinators team mailing list archive
-
ubuntu-translations-coordinators team
-
Mailing list archive
-
Message #09424
[Bug 1357051] [NEW] Security & runtime + package bloat issue: gdomap .
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
gdomap is running by default yet has no reason to be running by default:
gdomap -N . It is pulled from the chain of file-roller -> unar ->
Depends: gnustep-base-runtime & libgnustep-base1.24 . gdomap is pulled
in from gnustep-base-runtime.
According to Debian it shouldn't be there[in that package] or at least shouldn't be running by default and was changed.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717773
It has also been a pain in terms of being a constant security problem over the years. This random program also runs as root. The included version of 1.24.0 for example fits the <1.24.6 requirement listed here:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2980
There are boatloads more you can find previously and probably many more
to come in the future.
** Affects: elementaryos
Importance: Medium
Assignee: Cody Garver (codygarver)
Status: Fix Released
** Affects: ubuntu-translations
Importance: Unknown
Status: Fix Released
** Affects: unar
Importance: Undecided
Status: Invalid
** Affects: gnustep-base (Ubuntu)
Importance: High
Status: Fix Released
** Tags: freya gdomap gnustep patch ubuntu
--
Security & runtime + package bloat issue: gdomap .
https://bugs.launchpad.net/bugs/1357051
You received this bug notification because you are a member of Ubuntu Translations Coordinators, which is subscribed to Ubuntu Translations.