Bug 864608 (CVE-2014-1846) - VUL-0: CVE-2014-1846: e17: Pull upstream security enhancements for enlightenment
Summary: VUL-0: CVE-2014-1846: e17: Pull upstream security enhancements for enlighten...
Status: RESOLVED INVALID
Alias: CVE-2014-1846
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Tomas Cech
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/96242/
Whiteboard:
Keywords:
Depends on: CVE-2014-1845
Blocks:
  Show dependency treegraph
 
Reported: 2014-02-19 12:38 UTC by Victor Pereira
Modified: 2014-02-19 12:47 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2014-02-19 12:38:22 UTC 
CVE-2014-1846



https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b
commit bb4a21e98656fe2c7d98ba2163e6defe9a630e2b
Author: Carsten Haitzler (Rasterman) <raster@rasterman.com>
Date:   Sat Nov 30 22:26:30 2013 +0900

    e_sys - address security concerns with  gdb

   
    remove gdb method as it's just too dangerous. run it as normal as
    the user and if the kernel / distro dny that - then sorry. too bad.



References:
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1846.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1846
Comment 1 Tomas Cech 2014-02-19 12:47:52 UTC 
This doesn't affect us as we ship our own sysactions.conf. The code is still there but unless you know what you're doing, you cannot enable such behaviour.

This is used for openSUSE 12.2+