Bug 574414 - net-dialup/accel-ppp: Use-after-free
Summary: net-dialup/accel-ppp: Use-after-free
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: ~3 [noglsa]
Reported: 2016-02-11 10:57 UTC by Agostino Sarubbo
Modified: 2016-03-23 10:34 UTC

Description Agostino Sarubbo gentoo-dev 2016-02-11 10:57:12 UTC
From ${URL} :

A use-after-free in accel-ppp was reported one month ago. accel-ppp is a
VPN server (https://accel-ppp.org)
Since I got no news from the dev (neither by email nor through the
forum), I would suggest using this service carefully.

More details about the vuln here :
http://accel-ppp.org/forum/viewtopic.php?f=18&t=581

The vuln was found with the help of the analyzer GUEB.



@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Agostino Sarubbo gentoo-dev 2016-03-09 15:17:52 UTC
fixed in 1.10.1
Comment 2 Sergey Popov gentoo-dev 2016-03-23 10:34:19 UTC
commit fb6b6a4db1dd93268277f890bbb28b6abf92cf3c
Author: Sergey Popov <pinkbyte@gentoo.org>
Date:   Wed Mar 23 13:32:34 2016 +0300

    net-dialup/accel-ppp: remove old vulnerable versions

    Gentoo-Bug: 574414
    
    Package-Manager: portage-2.2.28

commit 81452b25d5c94c5da502af040d7b546dbc61dfdc
Author: Sergey Popov <pinkbyte@gentoo.org>
Date:   Wed Mar 23 13:31:25 2016 +0300

    net-dialup/accel-ppp: version bump to 1.10.1

    Port to EAPI 6, simplify init script,
    unify variable names in conf.d file

    Gentoo-Bug: 574414
    
    Package-Manager: portage-2.2.28


Package was never in stable branch, no GLSA needed