271133 – dev-libs/dbxml depends on <dev-libs/xerces-c-3

Bug 271133 - dev-libs/dbxml depends on <dev-libs/xerces-c-3

Summary: dev-libs/dbxml depends on <dev-libs/xerces-c-3

Status:	RESOLVED CANTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Tiziano Müller (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	271131
	Show dependency tree

Reported:	2009-05-24 20:55 UTC by Mark Loeser (RETIRED)
Modified:	2009-05-24 21:02 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Loeser (RETIRED) gentoo-dev

2009-05-24 20:55:04 UTC

Ebuilds for this package have an explicit dependency on a version of xerces-c
which is less than 3.0.0.  All of these ebuilds must be fixed since earlier
versions of xerces-c have a security vulnerability, and those versions of
xerces-c need to be removed from the tree or hard-masked.

dev-libs/dbxml/dbxml-2.4.13.2.ebuild:	=dev-libs/xerces-c-2.8*
dev-libs/dbxml/dbxml-2.4.16.1.ebuild:	=dev-libs/xerces-c-2.8*

Comment 1 Tiziano Müller (RETIRED) gentoo-dev

2009-05-24 21:02:52 UTC

Forum entry about it at upstream here:
http://forums.oracle.com/forums/thread.jspa?threadID=904180&tstart=0

Until upstream releases a new version with xerces-c-3 support there's nothing we can do.