This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsaid="201806-03">
<title>BURP: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities were discovered in BURP's Gentoo ebuild,
the worst of which could lead to root privilege escalation.
</synopsis>
<producttype="ebuild">burp</product>
<announced>2018-06-13</announced>
<revisedcount="1">2018-06-13</revised>
<bug>628770</bug>
<bug>641842</bug>
<access>remote</access>
<affected>
<packagename="app-backup/burp"auto="yes"arch="*">
<unaffectedrange="ge">2.1.32</unaffected>
<vulnerablerange="lt">2.1.32</vulnerable>
</package>
</affected>
<background>
<p>A network backup and restore program.</p>
</background>
<description>
<p>It was discovered that Gentoo’s BURP ebuild does not properly set
permissions or place the pid file in a safe directory.
</p>
</description>
<impacttype="normal">
<p>A local attacker could escalate privileges.</p>
</impact>
<workaround>
<p>Users should ensure the proper permissions are set as discussed in the
referenced bugs.
</p>
</workaround>
<resolution>
<p>All BURP users should upgrade to the latest version:</p>