Slackware issued an advisory on December 16: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.395467 You can find the patch they applied here: http://mirrors.slackware.com/slackware/slackware-current/source/d/llvm/ It's not clear to me what this vulnerability really is or if fixing this is necessary. It sounds similar to the libiodbc one that I reported in Bug 12029. Reproducible: Steps to Reproduce:
CC: (none) => anssi.hannula, cjw, fundawang, mageia, mitya, thierry.vignaud, tmb
More info on this: http://openwall.com/lists/oss-security/2013/12/19/2
A CVE was assigned for this: http://openwall.com/lists/oss-security/2013/12/20/1
Summary: llvm possible security issue => llvm possible security issue (CVE-2013-7171)
Blocks: (none) => 11726
for i in `rpm -ql llvm | grep "/usr/bin"`; do objdump -x $i | grep RPATH; done renders nul. I'd say this is invalid.
CC: (none) => oe
Thanks Oden!
Status: NEW => RESOLVEDResolution: (none) => INVALID