On Tuesday 25 March 2003 8:50 am, Daniel Ahlberg wrote: > - --------------------------------------------------------------------- > GENTOO LINUX SECURITY ANNOUNCEMENT 200303-22 > - --------------------------------------------------------------------- > > PACKAGE : glibc > SUMMARY : integer overflow > DATE : 2003-03-25 08:49 UTC > EXPLOIT : remote > VERSIONS AFFECTED : <2.3.1-r4 (arm: <2.2.5-r8) > FIXED VERSION : >=2.3.1-r4 (arm: >=2.2.5-r8) > CVE : CAN-2003-0028 > > - ---------------------------------------------------------------------
> It is recommended that all Gentoo Linux users who are running > sys-libs/glibc upgrade to > glibc-2.3.1-r4 (arm: glibc-2.2.5-r8) as follows: Many of my machines are running gentoo 1.2, not 1.4. /usr/portage/profiles/default-x86-1.0/packages has glibc pinned to *=sys-libs/glibc-2.2.5-r7 Is this an oversight? or is something known about the status of 2.2.5-r8 with that profile? Thanks in advance, -- [EMAIL PROTECTED] mailing list
