Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 271670 (glsa-removal) - [Tracker] Remove vulnerable ebuilds from the tree
Summary: [Tracker] Remove vulnerable ebuilds from the tree
Status: RESOLVED FIXED
Alias: glsa-removal
Product: Gentoo Security
Classification: Unclassified
Component: Auditing (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords: Tracker
Depends on: 271673 271675 271676 271680 271682 271684 271685 271686 271687 271688 271690 271692 271694 271696 271697 271698 271699 271701 271703 271704 271705 271706 271708 271710 271711 271712 271713 271715 271717 271719 271721 271723 271725 271727 271728 271729 271731 271733 271735 271736 271738 271740 271742 271743 271745 271746 271748 271750 271751 271753 271755 271757 271759 271760 271761 271762 271764 271766 271767 271769 271770 271772 282162
Blocks:
  Show dependency tree
 
Reported: 2009-05-29 12:55 UTC by Robert Buchholz (RETIRED)
Modified: 2016-03-01 09:32 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2009-05-29 12:55:58 UTC 
Ebuilds that are vulnerable to security issues should be removed from the tree when newer versions are stable that are not vulnerable. Maintainers are encouraged to remove ebuilds as soon as fixed ebuilds do not have any keyword regressions and it has been found that they do not introduce severe bugs.

Please mark all ebuild removal requests as a blocker of this bug if it was found an ebuild has not been removed after a reasonable timeframe.
Comment 1 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-07-29 16:06:18 UTC 
Remaining status (open bugs):

bug 271708: please review, no vuln versions in tree with referenced GLSA.
bug 271712: removed stabled keywords, left ~x86-fbsd
bug 271746: keyword req filed, one vuln version in tree still.
bug 271755: keyword req filed
Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2010-07-19 06:49:32 UTC 
no open bugs left, for now
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-03-01 09:32:57 UTC 
This is apart of the standard Gentoo Security workflow now [0].  Trackers are used for multiple packages that are effected by a single CVE.

[0]: https://wiki.gentoo.org/wiki/Project:Security/GLSA_Coordinator_Guide