Summary: | dev-db/sqlite < 3.4.0 Possible issues | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | betelgeuse, redpig |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 194812 | ||
Bug Blocks: |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2007-09-11 09:58:25 UTC
CC'ing reporter. any news here? maybe this could be made public? The advisory recommends to upgrade to 3.4.0, and we have 3.4.1 in the tree keyworded ~arch, is it ok to call arches for stabilization? please advise. Stable marking handled on bug #194812. unrestricting on reporter's request. (In reply to comment #2) > any news here? maybe this could be made public? The advisory recommends to > upgrade to 3.4.0, and we have 3.4.1 in the tree keyworded ~arch, is it ok to > call arches for stabilization? please advise. > Security: 3.4.1 is nowadays stable on all security supported arches so you probably should continue with your magic here. (In reply to comment #5) > (In reply to comment #2) > > any news here? maybe this could be made public? The advisory recommends to > > upgrade to 3.4.0, and we have 3.4.1 in the tree keyworded ~arch, is it ok to > > call arches for stabilization? please advise. > > > > Security: 3.4.1 is nowadays stable on all security supported arches so you > probably should continue with your magic here. > ACK. Thanks for the reminder, we've been overwhelmed by sec bugs recently and we just can't check after all of them :( We'll try to push the related glsa ASAP. (In reply to comment #6) > (In reply to comment #5) > > (In reply to comment #2) > > > any news here? maybe this could be made public? The advisory recommends to > > > upgrade to 3.4.0, and we have 3.4.1 in the tree keyworded ~arch, is it ok to > > > call arches for stabilization? please advise. > > > > > > > Security: 3.4.1 is nowadays stable on all security supported arches so you > > probably should continue with your magic here. > > > ACK. Thanks for the reminder, we've been overwhelmed by sec bugs recently and > we just can't check after all of them :( > We'll try to push the related glsa ASAP. > After further analysis, it seems that no one cared enough to request CVE ids and to make a public advisory for this, probably considering that exploitation was unlikely. so, we'll just stick with the others distros, and close this without glsa. Feel free to reopen if you disagree. |