From ${URL} :
It was reported that the fix for CVE-2015-1196 was incomplete. It was reported to the Debian BTS as #775901 [1] and was also mentioned in Red Hat's Bugzilla at [2]. Does this need a separate CVE?
[1] https://bugs.debian.org/775901
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1182154#c10
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This is fixed in =sys-devel/patch-2.7.3. Stabilization of that version is handled in bug #536614.
Arches, Thank you for your work.
GLSA Vote: No
Maintainer(s), please drop the vulnerable version(s).
+ 16 Mar 2015; Lars Wendler <polynomial-c@gentoo.org> -patch-2.6.1.ebuild, + -files/gnulib_strnlen.c: + Removed vulnerable version. +
GLSA vote: no. Closing as [noglsa].