568644 – net-wireless/blueman-2.0.3 version bump

Bug 568644 - net-wireless/blueman-2.0.3 version bump

Summary: net-wireless/blueman-2.0.3 version bump

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Michał Górny

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-12-18 15:35 UTC by Joakim Tjernlund
Modified:	2015-12-22 13:24 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Joakim Tjernlund 2015-12-18 15:35:58 UTC

See http://git.mate-desktop.org/blueman/log/?h=2-0-stable

Comment 1 Michał Górny archtester

2015-12-18 16:06:39 UTC

Yep, just got mail about it. I'll do it, then mask the old version.

@security, the old version has quite a nice vulnerability that eval()s (as root, I think) random python code passed via dbus. Do we want to do something special about that or just the usual maintenance stuff?

Comment 2 Michał Górny archtester

2015-12-18 16:12:12 UTC

commit 9ec3f9ffade45b3412e8b42a2fc89d9e4746b9af
Author: Michał Górny <mgorny@gentoo.org>
Date:   Fri Dec 18 17:10:06 2015

    package.mask: Mask blueman due to vulnerability, #568644

Comment 3 Michał Górny archtester

2015-12-18 16:38:10 UTC

commit 80ebc9837b14b8d9133fcdc4342125915b5face4
Author: Michał Górny <mgorny@gentoo.org>
Date:   Fri Dec 18 17:32:09 2015

    net-wireless/blueman: Security fix bump to 2.0.3, #568644


Leaving open for security@.

Comment 4 Michał Górny archtester

2015-12-22 13:24:43 UTC

Closing this since security opened their own bug.