[Bug 1357051] Re: Security & runtime + package bloat issue: gdomap .
Bug Watch Updater
1357051 at bugs.launchpad.net
Tue Jun 7 06:49:28 UTC 2016
** Changed in: gnustep-base (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1357051
Title:
Security & runtime + package bloat issue: gdomap .
Status in elementary OS:
Fix Released
Status in gnustep-base package in Ubuntu:
Fix Released
Status in gnustep-base package in Debian:
Fix Released
Bug description:
gdomap is running by default yet has no reason to be running by
default: gdomap -N . It is pulled from the chain of file-roller ->
unar -> Depends: gnustep-base-runtime & libgnustep-base1.24 . gdomap
is pulled in from gnustep-base-runtime.
According to Debian it shouldn't be there[in that package] or at least shouldn't be running by default and was changed.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717773
It has also been a pain in terms of being a constant security problem over the years. This random program also runs as root. The included version of 1.24.0 for example fits the <1.24.6 requirement listed here:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2980
There are boatloads more you can find previously and probably many
more to come in the future.
To manage notifications about this bug go to:
https://bugs.launchpad.net/elementaryos/+bug/1357051/+subscriptions
More information about the Ubuntu-sponsors
mailing list