This is really a security bug as kde-base/kdelibs:3.5 is affected by at least these, Remote code execution (CVE-2009-1690), bug 274566 Remote code execution (CVE-2009-1725), bug 279027 SSL certificate spoofing (CVE-2009-2702), bug 285018 And this is blocking it's masking. Bug 295327 is soon to follow.
You should get the package list from the meta ebuild itself.
Um, so why isn't security@g.o the assignee?? Because kde@.g.o put an unrequested and undesired mask on kde-3.5?
Note that this will take a while on alpha since the packages aren't exactly lightweight. But we're aware of this bug and its urgency.
(In reply to comment #2) > Um, so why isn't security@g.o the assignee?? Because kde@.g.o put an > unrequested and undesired mask on kde-3.5? Jeroen, Gentoo is probably one of the last distros still having KDE-3.5 around. The reason we waited this long was the feeling that KDE-4 wasn't yet as stable as KDE-3.5. Unfortunately, upstream simply stopped caring about KDE-3.5 a long time ago and as a result we now have a few serious security holes in KDE-3.5. The Gentoo KDE team could no longer trust on KDE-3.5 and that's what lead to all the rush with the KDE-4 stabilization and getting 3.5 masked. The security team does have open bugs for some of the security issues affecting KDE-3.5.
Masking KOffice 1.x will proceed 2010-01-01 as it doesn't compile anymore on ~arch due to new Autoconf >= 2.64.
Stable for HPPA.
alpha/ia64/sparc will pass unless an user requests it(since the keyword was dropped already)
~ppc64 done
~ppc done; closing as last arch
