Fedora Legacy Test Update Notification: slocate

Thu Feb 5 06:21:58 UTC 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-1230
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1232
2004-02-04
- ---------------------------------------------------------------------

Name        : slocate
Version 7.2 : 2.7-1.7.2
Version 7.3 : 2.7-1.7.3
Version 8.0 : 2.7-1.8.0
Summary     : Finds files on a system via a central database.
Description :
Slocate is a security-enhanced version of locate. Just like locate,
slocate searches through a central database (which is updated nightly)
for files that match a given pattern. Slocate allows you to quickly
find files anywhere on your system.

- ---------------------------------------------------------------------
Update Information:

CAN-2003-0848:
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other 
versions, may allow local users to gain privileges via a modified slocate 
database that causes a negative "pathlen" value to be used.

- ---------------------------------------------------------------------
Changelog:

* Wed Feb 04 2004 Jesse Keating <jkeating at j2solutions.net>

- - 2.x.x.legacy
- - fixed package version, pushing to updates.
- - fixed URL

* Thu Jan 22 2004 Michael Schwendt <mschwendt[AT]users.sf.net>

- - Fix automake regeneration (adds buildreq autoconf,automake).
- - Clear buildroot at beginning of %install.
- - Copyright->License, Prereq->Requires(pre,preun).

* Wed Jan 21 2004 Mark Cox <mjc at redhat.com>

- - drop privs for non slocate gid databases (CAN-2003-0848)
- - update to 2.7

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
(sha1sums)

50b9bf61a1c6066c2c0671cb9c38a18f07c9e5fa  
7.2/updates-testing/SRPMS/slocate-2.7-1.7.2.legacy.src.rpm
47b001b499d89b75a8bad2dafb884d9c393c1e9a  
7.2/updates-testing/i386/slocate-2.7-1.7.2.legacy.i386.rpm

b3654ebce54ae26617f2f18457fa9731542971ab  
7.3/updates-testing/SRPMS/slocate-2.7-1.7.3.legacy.src.rpm
eae25387e00a671974e0c43aa5b7f478dd04636f  
7.3/updates-testing/i386/slocate-2.7-1.7.3.legacy.i386.rpm

b2238d14cec50187139883c34265c905b8495109  
8.0/updates-testing/SRPMS/slocate-2.7-1.8.0.legacy.src.rpm
a22d3b45922b0123a0ca9035dd9f66093d63651d  
8.0/updates-testing/i386/slocate-2.7-1.8.0.legacy.i386.rpm

- ---------------------------------------------------------------------
Notes:
This is an upgrade rather than a backport.  Many bugfixes between 2.6 and 
2.7, very very little changes externally.  RHEL 2.1 also updated rather 
than backported.  Tests well.

Please test and comment in bugzilla.

- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
Mondo DevTeam		(www.mondorescue.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAIeEG4v2HLvE71NURAnsGAJ9repVII+pukj652Bk2VRpIjWs0cwCgpaCh
WvaN6N9pDYMXYGOihr3NVHk=
=nghA
-----END PGP SIGNATURE-----