Comment 1 Tobias Heinlein (RETIRED) 2015-07-07 20:30:19 UTC

Lars will prepare patched ebuilds, though we suspect that the official releases will look a bit different.

Ago and jer, will you be available on Thursday for rapid stabilization?

Comment 2 Agostino Sarubbo 2015-07-07 20:47:31 UTC

(In reply to Tobias Heinlein from comment #1)
> Lars will prepare patched ebuilds, though we suspect that the official
> releases will look a bit different.
I read about his machine broken.
 
> Ago and jer, will you be available on Thursday for rapid stabilization?
Yes, I am

Comment 3 Lars Wendler (Polynomial-C) (RETIRED) 2015-07-09 10:45:00 UTC

(In reply to Agostino Sarubbo from comment #2)
> (In reply to Tobias Heinlein from comment #1)
> > Lars will prepare patched ebuilds, though we suspect that the official
> > releases will look a bit different.
> I read about his machine broken.

My dev machine broke but I've set up my notebook as replacement until I got time to fix my dev machine. So I gonna do the bump.

Comment 4 Kristian Fiskerstrand (RETIRED) 2015-07-09 12:59:16 UTC

Now public via https://www.openssl.org/news/secadv_20150709.txt

Comment 5 Lars Wendler (Polynomial-C) (RETIRED) 2015-07-09 13:10:07 UTC

*** Bug 554326 has been marked as a duplicate of this bug. ***

Comment 6 SpanKY 2015-07-09 14:08:25 UTC

Commit message: Version bump
http://sources.gentoo.org/dev-libs/openssl/files/openssl-1.0.1p-parallel-build.patch?rev=1.1
http://sources.gentoo.org/dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch?rev=1.1
http://sources.gentoo.org/dev-libs/openssl/openssl-1.0.1p.ebuild?rev=1.1
http://sources.gentoo.org/dev-libs/openssl/openssl-1.0.2d.ebuild?rev=1.1

Comment 7 SpanKY 2015-07-09 14:09:55 UTC

herds really should be cc-ed on these bugs too

Comment 8 Agostino Sarubbo 2015-07-09 14:19:22 UTC

Arches, please test and mark stable:
=dev-libs/openssl-1.0.1p
=dev-libs/openssl-1.0.2d
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Comment 9 Agostino Sarubbo 2015-07-09 14:39:42 UTC

(In reply to Agostino Sarubbo from comment #8)
> Arches, please test and mark stable:
> =dev-libs/openssl-1.0.1p
> =dev-libs/openssl-1.0.2d
> Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc
> x86"

My mistake, 1.0.2 series is not stable so is enough 1.0.1p


Arches, please test and mark stable:
=dev-libs/openssl-1.0.1p
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Comment 10 Agostino Sarubbo 2015-07-09 15:04:16 UTC

amd64 stable

Comment 11 Agostino Sarubbo 2015-07-09 15:04:31 UTC

x86 stable

Comment 12 Mikle Kolyada (RETIRED) 2015-07-09 18:12:53 UTC

arm stable

Comment 13 Jeroen Roovers (RETIRED) 2015-07-10 06:55:18 UTC

Stable for PPC64.

Comment 14 Jeroen Roovers (RETIRED) 2015-07-10 07:14:14 UTC

Stable for HPPA.

Comment 15 Kristian Fiskerstrand (RETIRED) 2015-07-10 08:44:30 UTC

GLSA draft (e46c5ae2e) is ready for release once stabilization is done

Comment 16 Tobias Klausmann (RETIRED) 2015-07-10 11:18:50 UTC

Stable on alpha.

Comment 17 Agostino Sarubbo 2015-07-10 12:38:25 UTC

ia64 stable

Comment 18 Agostino Sarubbo 2015-07-10 12:38:43 UTC

ppc stable

Comment 19 Agostino Sarubbo 2015-07-10 13:01:36 UTC

sparc stable

Comment 20 GLSAMaker/CVETool Bot 2015-07-10 13:08:15 UTC

This issue was resolved and addressed in
 GLSA 201507-15 at https://security.gentoo.org/glsa/201507-15
by GLSA coordinator Kristian Fiskerstrand (K_F).

Comment 21 Yury German 2015-08-10 14:20:10 UTC

Maintainer(s), please drop the vulnerable version(s).

Comment 22 Yury German 2015-09-08 05:48:35 UTC

Maintainers, can we please drop the 1.0.2 prior to <1.0.2d

Comment 23 Yury German 2015-10-10 02:36:39 UTC

Please drop <1.0.2d (in 1.0.2x). If not cleaned up or appropriate reason given it will be cleaned up in 30 days by security.

Comment 24 Yury German 2016-02-25 08:15:20 UTC

Maintainer(s), Thank you for your work.