On Wed Jul 29 22:09:59 2015, JKEENAN wrote:
Show quoted text> On Sat Jul 25 06:37:11 2015, RICHE wrote:
>
>
> Here's is the patch that was applied in Gentoo:
>
>
https://bugs.gentoo.org/attachment.cgi?id=47116&action=edit
>
> However, the resolution is uncertain. On the one hand,
>
https://bugs.gentoo.org/show_bug.cgi?id=75696 is marked RESOLVED. On
> the other hand, the final post to the bug ticket -- on Jan 27 2005 --
> reads:
>
> #####
> We applied the RedHat patch (the same Debian applied for DSA-620 and
> Ubuntu for USN-44) but apparently this is not sufficient to avoid all
> exploitable race conditions. So this is a new bug, one that currently
> has no fix... and no CAN number yet, so I'll open another bug about
> it.
> #####
>
> It's not clear whether another bug ticket was ever opened.
>
> Thank you very much.
> Jim Keenan
The way I read the ticket is they didn't roll the patch into our distribution, and they're patching through their own release process. How I also read this is the implementation of the fix is incomplete at best.
Comparing the patch to the current code base, I see this has been implemented already. If you cross check and agree, I think we can close this RFE as fixed.