Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 585830 (CVE-2015-3239) - <sys-libs/libunwind-1.1-r1 is affected by CVE-2015-3239
Summary: <sys-libs/libunwind-1.1-r1 is affected by CVE-2015-3239
Status: RESOLVED FIXED
Alias: CVE-2015-3239
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-13 13:49 UTC by Pacho Ramos
Modified: 2017-01-15 07:23 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Pacho Ramos gentoo-dev 2016-06-13 13:49:09 UTC 
Fedora is applying this patch to fix it:
http://pkgs.fedoraproject.org/cgit/rpms/libunwind.git/tree/libunwind-1.1-fix-CVE-2015-3239.patch
Comment 1 SpanKY gentoo-dev 2016-06-13 18:14:11 UTC 
i've added the Fedora fix to 1.1-r1

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c16a9a7ccf4b0e56ca6481852cf6fce826c90ba0
Comment 2 Agostino Sarubbo gentoo-dev 2016-06-14 10:20:00 UTC 
amd64 stable
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2016-06-15 15:41:12 UTC 
Stable for PPC64.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2016-06-16 10:42:33 UTC 
Stable for HPPA.
Comment 5 Markus Meier gentoo-dev 2016-06-21 18:32:16 UTC 
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2016-06-27 08:51:35 UTC 
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-07-08 07:59:46 UTC 
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2016-07-08 12:07:29 UTC 
ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2016-09-10 07:54:48 UTC 
Arches, Thank you for your work.
GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2016-10-14 13:53:20 UTC 
@maintainer(s), please clean the vulnerable versions.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2016-10-31 05:28:18 UTC 
Third Request - Maintainer(s), please drop the vulnerable version(s).
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2016-12-27 10:02:04 UTC 
Impossible to clean this still?
Comment 13 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-08 22:44:45 UTC 
Cleanup PR: https://github.com/gentoo/gentoo/pull/3384