From ${URL} : A bug was found in pbkdf2 function of m2crypto package, such that when given a 74 byte result, a buffer overflow occurs leading to crash of the application. For reproducer and backtrace, see product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1270318 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Upstream patch: https://gitlab.com/m2crypto/m2crypto/commit/704ff438b5aca2fcf26431233bfb3950ce8e677a In >=0.23.0. @ Maintainer(s): Can we stabilize =dev-python/m2crypto-0.24.0?
@ Arches, please test and mark stable: =dev-python/m2crypto-0.24.0
amd64 stable
x86 stable
Stable for HPPA PPC64.
Stable on alpha.
ppc stable.
arm stable
sparc stable
ia64 stable. Maintainer(s), please cleanup. Security, please vote.
Arches and Maintainer(s), Thank you for your work. GLSA Vote: No Maintainer(s), please drop the vulnerable version(s).
Arches and Maintainer(s), Thank you for your work.