From ${URL} : A vulnerability in pgpool was found leading to DoS of pgpool. If a connection is terminated abruptly, the connection is no longer usable, eventually causing the connection pool to be exhausted. Reproducing steps and more info can be found here: http://www.pgpool.net/mantisbt/view.php?id=147 https://bugzilla.redhat.com/show_bug.cgi?id=1265185 @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Fix is in the 3.4 branch upstream: http://www.pgpool.net/mantisbt/view.php?id=147 Please bump and cleanup the vulnerable versions. Upstream download: http://www.pgpool.net/mediawiki/index.php/Downloads
Still awaiting an ebuild from maintainer with appropriate patch or new code base. Candidate for last rites. @maintainer(s), please confirm patch or bump.
commit ace051e1dfc0a27513384af32dd2b1e8be24fb44 Author: Aaron W. Swenson <titanofold@gentoo.org> Date: Tue Jun 7 07:06:57 2016 -0400 dev-db/pgpool2: Remove Old Bug: 563100 Package-Manager: portage-2.2.28 commit 7416f943e514cc8683c5d33041af046be9803421 Author: Aaron W. Swenson <titanofold@gentoo.org> Date: Tue Jun 7 06:51:36 2016 -0400 dev-db/pgpool2: Version Bump Bug: 529508, 563100 Package-Manager: portage-2.2.28
@Aaron, thanks for the bump and cleanup!
