Summary: | <app-crypt/libu2f-host-1.1.10: library security release (CVE-2018-20340) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Gabriel <g.kihlman+gentoo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | crypto+disabled, gokturk |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.yubico.com/support/security-advisories/ysa-2019-01/ | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=687476 https://bugs.gentoo.org/show_bug.cgi?id=679724 |
||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
Gabriel
2019-02-22 13:51:35 UTC
The fix for this version as per YubiKey is: Version 1.1.7 (released 2019-01-08) Current released version is: Version 1.1.9 (released 2019-03-06) Maintainers, can you please act on this as soon as possible. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a1fc80ba7e47494400019c924245aff51b8307e commit 1a1fc80ba7e47494400019c924245aff51b8307e Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2019-06-05 20:00:59 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2019-06-05 20:05:25 +0000 app-crypt/libu2f-host: bump to 1.1.10 Bug: https://bugs.gentoo.org/678580 Bug: https://bugs.gentoo.org/679724 Package-Manager: Portage-2.3.67, Repoman-2.3.12 Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org> app-crypt/libu2f-host/Manifest | 1 + app-crypt/libu2f-host/libu2f-host-1.1.10.ebuild | 47 +++++++++++++++++++++++++ 2 files changed, 48 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51323d25822747871328d2d8578f48cdd5dbe8c5 commit 51323d25822747871328d2d8578f48cdd5dbe8c5 Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2019-06-08 19:08:27 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2019-06-08 19:08:27 +0000 app-crypt/libu2f-host: remove old vulnerable #678580 #679724 Bug: https://bugs.gentoo.org/678580 Bug: https://bugs.gentoo.org/679724 Package-Manager: Portage-2.3.67, Repoman-2.3.12 Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org> app-crypt/libu2f-host/Manifest | 3 -- app-crypt/libu2f-host/libu2f-host-1.1.1.ebuild | 63 -------------------------- app-crypt/libu2f-host/libu2f-host-1.1.3.ebuild | 55 ---------------------- app-crypt/libu2f-host/libu2f-host-1.1.6.ebuild | 55 ---------------------- 4 files changed, 176 deletions(-) GLSA Vote: Yes New GLSA Request filed. This issue was resolved and addressed in GLSA 202004-15 at https://security.gentoo.org/glsa/202004-15 by GLSA coordinator Thomas Deutschmann (whissi). |