Comment 1 Jonas Stein 2017-06-03 08:12:44 UTC

Thank you

Comment 2 Lars Wendler (Polynomial-C) (RETIRED) 2017-06-03 11:49:38 UTC

commit fd4e6acf26c5766cfe17b4d1be223afcd0bab1e0 (HEAD -> master, origin/master, origin/HEAD)             
Author: Lars Wendler <polynomial-c@gentoo.org>      
Date:   Sat Jun 3 13:48:46 2017                     

    app-arch/bzip2: Security revbump to fix CVE-2016-3189 (bug #620466).                                 
                                                    
    Package-Manager: Portage-2.3.6, Repoman-2.3.2

Comment 3 Lars Wendler (Polynomial-C) (RETIRED) 2017-06-03 11:51:08 UTC

Arches please test and mark stable =app-arch/bzip2-1.0.6-r8 with target KEYWORDS:

alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd

Comment 4 Agostino Sarubbo 2017-06-03 12:30:56 UTC

A duplicate of 586670, however, a READ issue in a command line tool is not considered cve-worthy, so this is not a security issue at all.

Comment 5 Agostino Sarubbo 2017-06-04 10:35:08 UTC

amd64 stable

Comment 6 Agostino Sarubbo 2017-06-04 10:43:54 UTC

x86 stable

Comment 7 Tobias Klausmann (RETIRED) 2017-06-04 19:21:57 UTC

Stable on alpha.

Comment 8 Sergei Trofimovich (RETIRED) 2017-06-04 19:38:12 UTC

ia64 stable

Comment 9 Thomas Deutschmann (RETIRED) 2017-06-04 20:34:40 UTC

*** Bug 586670 has been marked as a duplicate of this bug. ***

Comment 10 Thomas Deutschmann (RETIRED) 2017-06-04 20:38:15 UTC

New GLSA request filed.

Comment 11 Markus Meier 2017-06-08 05:10:06 UTC

arm stable

Comment 12 Agostino Sarubbo 2017-06-10 13:48:25 UTC

sparc stable

Comment 13 Agostino Sarubbo 2017-06-13 12:34:15 UTC

ppc64 stable

Comment 14 Agostino Sarubbo 2017-06-21 12:02:11 UTC

ppc stable

Comment 15 Yury German 2017-08-02 03:09:47 UTC

Arches or maintainers please stabilize for Hippo ASAP. Security will release GLSA for this in 7 days with or without hppa arch being stable.

Comment 16 GLSAMaker/CVETool Bot 2017-08-21 01:30:20 UTC

This issue was resolved and addressed in
 GLSA 201708-08 at https://security.gentoo.org/glsa/201708-08
by GLSA coordinator Thomas Deutschmann (whissi).

Comment 17 Thomas Deutschmann (RETIRED) 2017-08-21 01:31:15 UTC

Re-opening for remaining architecture.

Comment 18 Yury German 2017-09-03 21:59:40 UTC

hppa stabilization (see Bug #629554)
Maintainer(s), please drop the vulnerable version(s).

Comment 19 Sergei Trofimovich (RETIRED) 2017-09-09 20:03:17 UTC

stable for hppa (thank to Dakon)

Last arch is done here.

Comment 20 Christopher Díaz Riveros (RETIRED) 2017-09-10 03:04:27 UTC

Thank you,

@Maintainers please let us know when all vulnerable versions are dropped from tree.

Gentoo Security Padawan
ChrisADR

Comment 21 Yury German 2017-10-02 04:34:55 UTC

Maintainer(s), please drop the vulnerable version(s).
New month (October), vulnerable version still in tree.

Comment 22 Thomas Deutschmann (RETIRED) 2017-10-02 09:13:12 UTC

Cleaned up via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6eb83da9c38ad23a3dd6acdb8691dd51de94bc5

Repository is clean, all done.