
Bug 271670 (glsa-removal)

Summary: [Tracker] Remove vulnerable ebuilds from the tree
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Auditing
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: esigra, nikoli
Priority: High
Keywords: Tracker
Version: unspecified   
Hardware: All   
OS: Linux   
Bug Depends on: 271673, 271675, 271676, 271680, 271682, 271684, 271685, 271686, 271687, 271688, 271690, 271692, 271694, 271696, 271697, 271698, 271699, 271701, 271703, 271704, 271705, 271706, 271708, 271710, 271711, 271712, 271713, 271715, 271717, 271719, 271721, 271723, 271725, 271727, 271728, 271729, 271731, 271733, 271735, 271736, 271738, 271740, 271742, 271743, 271745, 271746, 271748, 271750, 271751, 271753, 271755, 271757, 271759, 271760, 271761, 271762, 271764, 271766, 271767, 271769, 271770, 271772, 282162    

Description Robert Buchholz (RETIRED) gentoo-dev 2009-05-29 12:55:58 UTC
Ebuilds that are vulnerable to security issues should be removed from the tree when newer versions are stable that are not vulnerable. Maintainers are encouraged to remove ebuilds as soon as fixed ebuilds do not have any keyword regressions and it has been found that they do not introduce severe bugs.

Please mark all ebuild removal requests as a blocker of this bug if it was found that an ebuild has not been removed after a reasonable timeframe.

Comment 1 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-07-29 16:06:18 UTC
Remaining status (open bugs):

bug 271708: please review, no vuln versions in tree with referenced GLSA.
bug 271712: removed stabled keywords, left ~x86-fbsd
bug 271746: keyword req filed, one vuln version in tree still.
bug 271755: keyword req filed

Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2010-07-19 06:49:32 UTC
no open bugs left, for now

Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-03-01 09:32:57 UTC
This is a part of the standard Gentoo Security workflow now [0]. Trackers are used for multiple packages that are affected by a single CVE.

[0]: https://wiki.gentoo.org/wiki/Project:Security/GLSA_Coordinator_Guide