Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 586046 - <dev-vcs/subversion-1.9.4: request for stabilization (CVE-2016-{2167,2168})
Summary: <dev-vcs/subversion-1.9.4: request for stabilization (CVE-2016-{2167,2168})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-15 18:42 UTC by Hanno Böck
Modified: 2016-10-11 12:47 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2016-06-15 18:42:20 UTC 
Currently in Gentoo Subversion 1.8.16 is the latest stable release. Can we move the stabilization forward to the 1.9 branch? I don't see an indication on subversion's upstream webpage that they consider 1.9 a beta or less stable release branch of any kind.

(my personal interest in this is that I'm working on an address sanitizer enabled version of Gentoo and subversion 1.9.4 fixed a bunch of bugs related to invalid memory reads and undefined behavior that I don't think will be backported to 1.8)
Comment 1 Thomas Sachau gentoo-dev 2016-08-06 17:15:08 UTC 
Re-assigning to maintainer for >=subversion-1.8
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2016-08-06 17:21:39 UTC 
Arches please test and mark stable =dev-vcs/subversion-1.9.4 with target KEYWORDS:

alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris
Comment 3 Markus Meier gentoo-dev 2016-08-18 19:51:48 UTC 
arm stable
Comment 4 Eric Johnson 2016-09-02 16:30:13 UTC 
Any progress on this? Anything I can do to help? Hoping to see this go stable on arm64, but of course, only if it is ready....
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2016-09-03 20:31:36 UTC 
Stable on alpha.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2016-09-26 02:28:07 UTC 
This is a security vulnerability, re-ssinging it to Security.
Assigning to existing GLSA, will release as soon as stabilization is done.
Please continue with stabilization.
Comment 7 Agostino Sarubbo gentoo-dev 2016-09-26 12:56:54 UTC 
amd64 stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2016-09-28 18:00:43 UTC 
Stable for PPC64.
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2016-09-29 03:31:40 UTC 
Stable for HPPA.
Comment 10 Agostino Sarubbo gentoo-dev 2016-09-29 08:41:44 UTC 
x86 stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-09-29 09:36:31 UTC 
sparc stable
Comment 12 Agostino Sarubbo gentoo-dev 2016-09-29 12:37:28 UTC 
ppc stable
Comment 13 Agostino Sarubbo gentoo-dev 2016-09-29 13:29:53 UTC 
ia64 stable.

Maintainer(s), please cleanup.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2016-10-11 12:47:55 UTC 
This issue was resolved and addressed in
 GLSA 201610-05 at https://security.gentoo.org/glsa/201610-05
by GLSA coordinator Aaron Bauman (b-man).