Bug 656806 - <net-analyzer/wireshark-2.6.1: Multiple vulnerabilities
Summary: <net-analyzer/wireshark-2.6.1: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.wireshark.org/lists/wires...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369
Blocks:
Reported: 2018-05-28 20:24 UTC by Jeroen Roovers (RETIRED)
Modified: 2019-03-11 06:19 UTC

See Also:
Package list:
net-analyzer/wireshark-2.6.1
media-libs/bcg729-1.0.4
dev-libs/libmaxminddb-1.2.1
dev-ruby/asciimath-1.0.4 amd64 x86
dev-ruby/haml-4.0.7-r1 amd64 x86
dev-ruby/temple-0.8.0 amd64 x86
dev-ruby/redcarpet-3.4.0 amd64 x86
dev-ruby/slim-3.0.9 amd64 x86
dev-ruby/asciidoctor-1.5.5-r1 amd64 x86
Runtime testing required: ---
stable-bot: sanity-check+


Description Jeroen Roovers (RETIRED) gentoo-dev 2018-05-28 20:24:17 UTC
The following vulnerabilities have been fixed:

     • ws-sa2018-25
          • The LDSS dissector could crash. (ws-bug14615)
     • ws-sa2018-26
          • The IEEE 1905.1a dissector could crash. (ws-bug14647)
     • ws-sa2018-27
          • The RTCP dissector could crash. (ws-bug14673)
     • ws-sa2018-28
          • Multiple dissectors could consume excessive memory. (ws-bug14678)
     • ws-sa2018-29
          • The DNS dissector could crash. (ws-bug14681)
     • ws-sa2018-30
          • The GSM A DTAP dissector could crash. (ws-bug14688)
     • ws-sa2018-31
          • The Q.931 dissector could crash. (ws-bug14689)
     • ws-sa2018-32
          • The IEEE 802.11 dissector could crash. (ws-bug14686)
     • ws-sa2018-33
          • Multiple dissectors could crash. (ws-bug14703)
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2018-05-28 22:02:47 UTC
CVE-2018-11362 (https://nvd.nist.gov/vuln/detail/CVE-2018-11362):
  In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector
  could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding
  a buffer over-read upon encountering a missing '\0' character.

CVE-2018-11361 (https://nvd.nist.gov/vuln/detail/CVE-2018-11361):
  In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was
  addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during
  FTE processing in Dot11DecryptTDLSDeriveKey.

CVE-2018-11360 (https://nvd.nist.gov/vuln/detail/CVE-2018-11360):
  In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP
  dissector could crash. This was addressed in
  epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that
  caused a buffer overflow.

CVE-2018-11359 (https://nvd.nist.gov/vuln/detail/CVE-2018-11359):
  In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector
  and other dissectors could crash. This was addressed in epan/proto.c by
  avoiding a NULL pointer dereference.

CVE-2018-11358 (https://nvd.nist.gov/vuln/detail/CVE-2018-11358):
  In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector
  could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding
  a use-after-free after a malformed packet prevented certain cleanup.

CVE-2018-11357 (https://nvd.nist.gov/vuln/detail/CVE-2018-11357):
  In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector
  and other dissectors could consume excessive memory. This was addressed in
  epan/tvbuff.c by rejecting negative lengths.

CVE-2018-11356 (https://nvd.nist.gov/vuln/detail/CVE-2018-11356):
  In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector
  could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding
  a NULL pointer dereference for an empty name in an SRV record.

CVE-2018-11355 (https://nvd.nist.gov/vuln/detail/CVE-2018-11355):
  In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in
  epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet
  status chunks.

CVE-2018-11354 (https://nvd.nist.gov/vuln/detail/CVE-2018-11354):
  In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was
  addressed in epan/dissectors/packet-ieee1905.c by making a certain
  correction to string handling.
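
A triage sketch for the CVE entries above, added here as an example and not part of the original bug thread or of any Gentoo tooling: it parses the affected-version wording of each description and reports which CVEs list a given installed version, next to the bug's own `<net-analyzer/wireshark-2.6.1` atom. The function names are hypothetical, and Gentoo suffixes such as `-r1` are ignored when comparing.

```python
import re

# Affected-version wording as it appears in the CVE descriptions in Comment 1.
THREE_BRANCHES = "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the "
ONLY_2_6_0 = "In Wireshark 2.6.0, the "
CVE_TEXT = {
    "CVE-2018-11362": THREE_BRANCHES + "LDSS dissector could crash.",
    "CVE-2018-11361": ONLY_2_6_0 + "IEEE 802.11 protocol dissector could crash.",
    "CVE-2018-11360": THREE_BRANCHES + "GSM A DTAP dissector could crash.",
    "CVE-2018-11359": THREE_BRANCHES + "RRC dissector and other dissectors could crash.",
    "CVE-2018-11358": THREE_BRANCHES + "Q.931 dissector could crash.",
    "CVE-2018-11357": THREE_BRANCHES + "LTP dissector and other dissectors could consume excessive memory.",
    "CVE-2018-11356": THREE_BRANCHES + "DNS dissector could crash.",
    "CVE-2018-11355": ONLY_2_6_0 + "RTCP dissector could crash.",
    "CVE-2018-11354": ONLY_2_6_0 + "IEEE 1905.1a dissector could crash.",
}

# Fixed version taken from the bug title: <net-analyzer/wireshark-2.6.1
GENTOO_FIXED = "2.6.1"

_VER = r"\d+(?:\.\d+)+"


def parse_version(text):
    """Return a comparable tuple; Gentoo suffixes (-r1, _p2) are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"not a version: {text!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    parts += [0] * (3 - len(parts))  # pad "2.6" to (2, 6, 0)
    return tuple(parts)


def affected_ranges(sentence):
    """Extract inclusive (low, high) version ranges from one description."""
    m = re.search(r"In Wireshark (.+?), the ", sentence)
    if not m:
        raise ValueError("no affected-version clause found")
    return [
        (parse_version(lo), parse_version(hi or lo))  # single version: lo == hi
        for lo, hi in re.findall(rf"({_VER})(?: to ({_VER}))?", m.group(1))
    ]


def listed_cves(version):
    """CVE ids whose description explicitly lists this version."""
    v = parse_version(version)
    return sorted(
        cve
        for cve, sentence in CVE_TEXT.items()
        if any(lo <= v <= hi for lo, hi in affected_ranges(sentence))
    )


def matches_gentoo_atom(version):
    """True if the version is below the fixed version named in the bug title."""
    return parse_version(version) < parse_version(GENTOO_FIXED)


def triage(version):
    """Combine both views for one installed version."""
    return {
        "version": version,
        "listed_cves": listed_cves(version),
        "below_gentoo_fixed": matches_gentoo_atom(version),
    }


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real host.
    for installed in ("2.6.0", "2.4.6", "2.2.14-r1", "2.4.7", "2.6.1"):
        result = triage(installed)
        print(installed, len(result["listed_cves"]), result["below_gentoo_fixed"])
```

A version such as 2.4.7 is listed in no CVE description above yet still matches the bug's atom, so the two checks answer different questions.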
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-05-28 22:04:54 UTC
@Arches, please test and mark stable.

Thank you,
Comment 3 Stabilization helper bot gentoo-dev 2018-05-28 23:01:15 UTC
An automated check of this bug failed - repoman reported dependency errors (198 lines truncated): 

> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['media-libs/bcg729', 'dev-libs/libmaxminddb', 'dev-ruby/asciidoctor']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: RDEPEND: alpha(default/linux/alpha/13.0) ['media-libs/bcg729', 'dev-libs/libmaxminddb']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['media-libs/bcg729', 'dev-libs/libmaxminddb', 'dev-ruby/asciidoctor']
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-05-29 09:38:49 UTC
net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['media-libs/bcg729', 'dev-ruby/asciidoctor']

And so on
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2018-05-29 11:15:28 UTC
@ Maintainer(s): I suggest adding "bcg729" to p.use.mask or p.use.stable.mask and just unmasking it for amd64 and x86. Of course, media-libs/bcg729 + deps must be added to package list for amd64/x86...
Comment 6 Larry the Git Cow gentoo-dev 2018-05-31 10:01:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa5c8511a88fdd0d06b4046ed41e33f606f6a78a

commit aa5c8511a88fdd0d06b4046ed41e33f606f6a78a
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-05-31 09:55:40 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-31 09:55:40 +0000

    net-analyzer/wireshark: stable 2.6.1 for ia64, bug #656806
    
    Bug: https://bugs.gentoo.org/656806
    Package-Manager: Portage-2.3.38, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 net-analyzer/wireshark/wireshark-2.6.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7265725e416f80d9bf9c2efe9ddb612ce687148b

commit 7265725e416f80d9bf9c2efe9ddb612ce687148b
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-05-31 09:55:34 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-31 09:55:34 +0000

    dev-libs/libmaxminddb: stable 1.2.1 for ia64, bug #656806
    
    Bug: https://bugs.gentoo.org/656806
    Package-Manager: Portage-2.3.38, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 dev-libs/libmaxminddb/libmaxminddb-1.2.1.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ec591bd91b79cc2a210abd408ce4ad98790fcfa

commit 4ec591bd91b79cc2a210abd408ce4ad98790fcfa
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-05-31 09:54:24 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-31 09:54:24 +0000

    media-libs/bcg729: stable 1.0.4 for ia64, bug #656806
    
    Bug: https://bugs.gentoo.org/656806
    Package-Manager: Portage-2.3.38, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 media-libs/bcg729/bcg729-1.0.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Stabilization helper bot gentoo-dev 2018-05-31 11:00:59 UTC
An automated check of this bug failed - repoman reported dependency errors (166 lines truncated): 

> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['media-libs/bcg729', 'dev-libs/libmaxminddb', 'dev-ruby/asciidoctor']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: RDEPEND: alpha(default/linux/alpha/13.0) ['media-libs/bcg729', 'dev-libs/libmaxminddb']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['media-libs/bcg729', 'dev-libs/libmaxminddb', 'dev-ruby/asciidoctor']
Comment 8 Stabilization helper bot gentoo-dev 2018-05-31 12:01:40 UTC
An automated check of this bug failed - repoman reported dependency errors (30 lines truncated): 

> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['dev-ruby/asciidoctor']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['dev-ruby/asciidoctor']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop) ['dev-ruby/asciidoctor']
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2018-05-31 12:42:30 UTC
@ Alpha, if you don't want to keyword & stabilize =dev-ruby/asciidoctor-1.5.5-r1, please p.u.mask "doc".
Comment 10 Stabilization helper bot gentoo-dev 2018-05-31 13:02:17 UTC
An automated check of this bug failed - repoman reported dependency errors (27 lines truncated): 

> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['dev-ruby/asciimath[ruby_targets_ruby23]', 'dev-ruby/erubis[ruby_targets_ruby23]', 'dev-ruby/haml[ruby_targets_ruby23]', 'dev-ruby/slim[ruby_targets_ruby23]', 'dev-ruby/tilt[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['dev-ruby/asciimath[ruby_targets_ruby23]', 'dev-ruby/erubis[ruby_targets_ruby23]', 'dev-ruby/haml[ruby_targets_ruby23]', 'dev-ruby/slim[ruby_targets_ruby23]', 'dev-ruby/tilt[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop) ['dev-ruby/asciimath[ruby_targets_ruby23]', 'dev-ruby/erubis[ruby_targets_ruby23]', 'dev-ruby/haml[ruby_targets_ruby23]', 'dev-ruby/slim[ruby_targets_ruby23]', 'dev-ruby/tilt[ruby_targets_ruby23]']
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2018-05-31 13:21:21 UTC
Added p.u.mask for alpha via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef96e45192e28b98f32ad59233349986da2aafce
Comment 12 Stabilization helper bot gentoo-dev 2018-05-31 14:02:01 UTC
An automated check of this bug failed - repoman reported dependency errors (27 lines truncated): 

> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['dev-ruby/asciimath[ruby_targets_ruby23]', 'dev-ruby/erubis[ruby_targets_ruby23]', 'dev-ruby/haml[ruby_targets_ruby23]', 'dev-ruby/slim[ruby_targets_ruby23]', 'dev-ruby/tilt[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['dev-ruby/asciimath[ruby_targets_ruby23]', 'dev-ruby/erubis[ruby_targets_ruby23]', 'dev-ruby/haml[ruby_targets_ruby23]', 'dev-ruby/slim[ruby_targets_ruby23]', 'dev-ruby/tilt[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop) ['dev-ruby/asciimath[ruby_targets_ruby23]', 'dev-ruby/erubis[ruby_targets_ruby23]', 'dev-ruby/haml[ruby_targets_ruby23]', 'dev-ruby/slim[ruby_targets_ruby23]', 'dev-ruby/tilt[ruby_targets_ruby23]']
Comment 13 Stabilization helper bot gentoo-dev 2018-05-31 15:02:51 UTC
An automated check of this bug failed - repoman reported dependency errors (17 lines truncated): 

> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['dev-ruby/asciimath[ruby_targets_ruby23]', 'dev-ruby/haml[ruby_targets_ruby23]', 'dev-ruby/slim[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['dev-ruby/asciimath[ruby_targets_ruby23]', 'dev-ruby/haml[ruby_targets_ruby23]', 'dev-ruby/slim[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop/gnome) ['dev-ruby/asciimath[ruby_targets_ruby23]', 'dev-ruby/haml[ruby_targets_ruby23]', 'dev-ruby/slim[ruby_targets_ruby23]']
Comment 14 Stabilization helper bot gentoo-dev 2018-05-31 16:03:58 UTC
An automated check of this bug failed - repoman reported dependency errors (74 lines truncated): 

> dependency.bad dev-ruby/slim/slim-3.0.9.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby23]', 'dev-ruby/redcarpet[ruby_targets_ruby23]']
> dependency.bad dev-ruby/slim/slim-3.0.9.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby23]']
> dependency.bad dev-ruby/slim/slim-3.0.9.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby23]', 'dev-ruby/redcarpet[ruby_targets_ruby23]']
> dependency.bad dev-ruby/haml/haml-5.0.4.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=dev-ruby/temple-0.8.0[ruby_targets_ruby23]', 'dev-ruby/railties:5.2[ruby_targets_ruby23]', 'dev-ruby/activemodel:5.2[ruby_targets_ruby23]', 'dev-ruby/actionpack:5.2[ruby_targets_ruby23]']
> dependency.bad dev-ruby/haml/haml-5.0.4.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=dev-ruby/temple-0.8.0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/haml/haml-5.0.4.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=dev-ruby/temple-0.8.0[ruby_targets_ruby23]', 'dev-ruby/railties:5.2[ruby_targets_ruby23]', 'dev-ruby/activemodel:5.2[ruby_targets_ruby23]', 'dev-ruby/actionpack:5.2[ruby_targets_ruby23]']
Comment 15 Stabilization helper bot gentoo-dev 2018-05-31 17:00:10 UTC
An automated check of this bug failed - the following invalid arch is referenced in the atom list:

md64
Comment 16 Stabilization helper bot gentoo-dev 2018-05-31 18:07:09 UTC
An automated check of this bug failed - repoman reported dependency errors (431 lines truncated): 

> dependency.bad dev-ruby/railties/railties-5.2.0.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/railties/railties-5.2.0.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/railties/railties-5.2.0.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop/gnome) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/actionpack/actionpack-5.2.0.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/actionpack/actionpack-5.2.0.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/actionpack/actionpack-5.2.0.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/activesupport/activesupport-5.2.0.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=dev-ruby/concurrent-ruby-1.0.2:1[ruby_targets_ruby23]', 'dev-ruby/i18n:1[ruby_targets_ruby23]', '>=dev-ruby/tzinfo-1.1:1[ruby_targets_ruby23]', '>=dev-ruby/dalli-2.2.1[ruby_targets_ruby23]', '>=dev-ruby/listen-3.0.5:3[ruby_targets_ruby23]']
> dependency.bad dev-ruby/activesupport/activesupport-5.2.0.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=dev-ruby/concurrent-ruby-1.0.2:1[ruby_targets_ruby23]', 'dev-ruby/i18n:1[ruby_targets_ruby23]', '>=dev-ruby/tzinfo-1.1:1[ruby_targets_ruby23]']
> dependency.bad dev-ruby/activesupport/activesupport-5.2.0.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['>=dev-ruby/concurrent-ruby-1.0.2:1[ruby_targets_ruby23]', 'dev-ruby/i18n:1[ruby_targets_ruby23]', '>=dev-ruby/dalli-2.2.1[ruby_targets_ruby23]', '>=dev-ruby/listen-3.0.5:3[ruby_targets_ruby23]']
Comment 17 Stabilization helper bot gentoo-dev 2018-05-31 21:09:13 UTC
An automated check of this bug failed - repoman reported dependency errors (589 lines truncated): 

> dependency.bad dev-ruby/tzinfo/tzinfo-1.2.5.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=dev-ruby/thread_safe-0.1:0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/tzinfo/tzinfo-1.2.5.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=dev-ruby/thread_safe-0.1:0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/tzinfo/tzinfo-1.2.5.ebuild: DEPEND: ppc64(default/linux/powerpc/ppc64/17.0/64bit-userland) ['>=dev-ruby/thread_safe-0.1:0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/concurrent-ruby/concurrent-ruby-1.0.5.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=dev-ruby/timecop-0.7.4[ruby_targets_ruby23]']
> dependency.badindev dev-ruby/concurrent-ruby/concurrent-ruby-1.0.5.ebuild: DEPEND: arm(default/linux/arm/13.0/armv4) ['>=dev-ruby/timecop-0.7.4[ruby_targets_ruby23]']
> dependency.badindev dev-ruby/concurrent-ruby/concurrent-ruby-1.0.5.ebuild: DEPEND: arm(default/linux/arm/13.0/armv4/desktop) ['>=dev-ruby/timecop-0.7.4[ruby_targets_ruby23]']
> dependency.bad dev-ruby/actionpack/actionpack-5.2.0.ebuild: DEPEND: arm(default/linux/arm/13.0) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]', 'dev-ruby/rack:2.0[ruby_targets_ruby23]', '>=dev-ruby/rack-test-0.6.3:*[ruby_targets_ruby23]', '>=dev-ruby/rails-html-sanitizer-1.0.2:1[ruby_targets_ruby23]', 'dev-ruby/rails-dom-testing:2[ruby_targets_ruby23]', '>=dev-ruby/capybara-2.13:2[ruby_targets_ruby23]', '>=dev-ruby/rack-cache-1.2:1.2[ruby_targets_ruby23]', 'www-servers/puma[ruby_targets_ruby23]']
> dependency.bad dev-ruby/actionpack/actionpack-5.2.0.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]', 'dev-ruby/rack:2.0[ruby_targets_ruby23]', '>=dev-ruby/rack-test-0.6.3:*[ruby_targets_ruby23]', '>=dev-ruby/rails-html-sanitizer-1.0.2:1[ruby_targets_ruby23]', 'dev-ruby/rails-dom-testing:2[ruby_targets_ruby23]']
> dependency.bad dev-ruby/actionpack/actionpack-5.2.0.ebuild: RDEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]', 'dev-ruby/rack:2.0[ruby_targets_ruby23]', '>=dev-ruby/rack-test-0.6.3:*[ruby_targets_ruby23]', '>=dev-ruby/rails-html-sanitizer-1.0.2:1[ruby_targets_ruby23]', 'dev-ruby/rails-dom-testing:2[ruby_targets_ruby23]']
> dependency.bad dev-ruby/i18n/i18n-1.0.1.ebuild: DEPEND: arm(default/linux/arm/13.0) ['dev-ruby/test_declarative[ruby_targets_ruby23]']
> dependency.bad dev-ruby/i18n/i18n-1.0.1.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['dev-ruby/test_declarative[ruby_targets_ruby23]']
> dependency.bad dev-ruby/i18n/i18n-1.0.1.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0/desktop) ['dev-ruby/test_declarative[ruby_targets_ruby23]']
> dependency.bad dev-ruby/listen/listen-3.1.5-r2.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=dev-ruby/ruby_dep-1.2:1[ruby_targets_ruby23]', 'dev-ruby/thor[ruby_targets_ruby23]']
> dependency.bad dev-ruby/listen/listen-3.1.5-r2.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=dev-ruby/ruby_dep-1.2:1[ruby_targets_ruby23]']
> dependency.bad dev-ruby/listen/listen-3.1.5-r2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['>=dev-ruby/ruby_dep-1.2:1[ruby_targets_ruby23]', 'dev-ruby/thor[ruby_targets_ruby23]']
> dependency.bad dev-ruby/railties/railties-5.2.0.ebuild: DEPEND: arm(default/linux/arm/13.0) ['>=dev-ruby/thor-0.18.1[ruby_targets_ruby23]', 'dev-ruby/method_source[ruby_targets_ruby23]', '~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/railties/railties-5.2.0.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['>=app-eselect/eselect-rails-0.23', '>=dev-ruby/thor-0.18.1[ruby_targets_ruby23]', 'dev-ruby/method_source[ruby_targets_ruby23]']
> dependency.bad dev-ruby/railties/railties-5.2.0.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['>=dev-ruby/thor-0.18.1[ruby_targets_ruby23]', 'dev-ruby/method_source[ruby_targets_ruby23]', '~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/dalli/dalli-2.7.8-r1.ebuild: DEPEND: arm(default/linux/arm/13.0) ['<dev-ruby/activesupport-5.2[ruby_targets_ruby23]', 'dev-ruby/connection_pool[ruby_targets_ruby23]']
> dependency.bad dev-ruby/dalli/dalli-2.7.8-r1.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['<dev-ruby/activesupport-5.2[ruby_targets_ruby23]', 'dev-ruby/connection_pool[ruby_targets_ruby23]']
Comment 18 Thomas Deutschmann (RETIRED) gentoo-dev 2018-05-31 22:46:29 UTC
net-analyzer/wireshark[doc] p.use.stable.masked everywhere and unmask just for amd64 and x86 via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e73a6246a5aeb086ec4a14a2c59002c6b1f43319
Comment 19 Stabilization helper bot gentoo-dev 2018-05-31 23:05:26 UTC
An automated check of this bug failed - repoman reported dependency errors (93 lines truncated): 

> dependency.bad dev-ruby/i18n/i18n-1.0.1.ebuild: DEPEND: x86(default/linux/x86/17.0) ['dev-ruby/test_declarative[ruby_targets_ruby23]']
> dependency.bad dev-ruby/i18n/i18n-1.0.1.ebuild: DEPEND: x86(default/linux/x86/17.0/desktop) ['dev-ruby/test_declarative[ruby_targets_ruby23]']
> dependency.bad dev-ruby/i18n/i18n-1.0.1.ebuild: DEPEND: x86(default/linux/x86/17.0/desktop/gnome) ['dev-ruby/test_declarative[ruby_targets_ruby23]']
> dependency.bad dev-ruby/actionpack/actionpack-5.2.0.ebuild: DEPEND: x86(default/linux/x86/17.0) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]', 'dev-ruby/rack:2.0[ruby_targets_ruby23]', '>=dev-ruby/rack-test-0.6.3:*[ruby_targets_ruby23]', '>=dev-ruby/rails-html-sanitizer-1.0.2:1[ruby_targets_ruby23]', 'dev-ruby/rails-dom-testing:2[ruby_targets_ruby23]', '>=dev-ruby/capybara-2.13:2[ruby_targets_ruby23]', '>=dev-ruby/rack-cache-1.2:1.2[ruby_targets_ruby23]', 'www-servers/puma[ruby_targets_ruby23]']
> dependency.bad dev-ruby/actionpack/actionpack-5.2.0.ebuild: RDEPEND: x86(default/linux/x86/17.0) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]', 'dev-ruby/rack:2.0[ruby_targets_ruby23]', '>=dev-ruby/rack-test-0.6.3:*[ruby_targets_ruby23]', '>=dev-ruby/rails-html-sanitizer-1.0.2:1[ruby_targets_ruby23]', 'dev-ruby/rails-dom-testing:2[ruby_targets_ruby23]']
> dependency.bad dev-ruby/actionpack/actionpack-5.2.0.ebuild: DEPEND: x86(default/linux/x86/17.0/desktop) ['~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]', 'dev-ruby/rack:2.0[ruby_targets_ruby23]', '>=dev-ruby/rack-test-0.6.3:*[ruby_targets_ruby23]', '>=dev-ruby/rails-html-sanitizer-1.0.2:1[ruby_targets_ruby23]', 'dev-ruby/rails-dom-testing:2[ruby_targets_ruby23]', '>=dev-ruby/capybara-2.13:2[ruby_targets_ruby23]', '>=dev-ruby/rack-cache-1.2:1.2[ruby_targets_ruby23]', 'www-servers/puma[ruby_targets_ruby23]']
> dependency.bad dev-ruby/railties/railties-5.2.0.ebuild: DEPEND: x86(default/linux/x86/17.0) ['>=dev-ruby/thor-0.18.1[ruby_targets_ruby23]', 'dev-ruby/method_source[ruby_targets_ruby23]', '~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]']
> dependency.bad dev-ruby/railties/railties-5.2.0.ebuild: RDEPEND: x86(default/linux/x86/17.0) ['>=app-eselect/eselect-rails-0.23', '>=dev-ruby/thor-0.18.1[ruby_targets_ruby23]', 'dev-ruby/method_source[ruby_targets_ruby23]']
> dependency.bad dev-ruby/railties/railties-5.2.0.ebuild: DEPEND: x86(default/linux/x86/17.0/desktop) ['>=dev-ruby/thor-0.18.1[ruby_targets_ruby23]', 'dev-ruby/method_source[ruby_targets_ruby23]', '~dev-ruby/actionview-5.2.0[ruby_targets_ruby23]']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['dev-ruby/asciidoctor']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop) ['dev-ruby/asciidoctor']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['dev-ruby/asciidoctor']
> dependency.bad dev-ruby/listen/listen-3.1.5-r2.ebuild: DEPEND: x86(default/linux/x86/17.0) ['>=dev-ruby/ruby_dep-1.2:1[ruby_targets_ruby23]', 'dev-ruby/thor[ruby_targets_ruby23]']
> dependency.bad dev-ruby/listen/listen-3.1.5-r2.ebuild: RDEPEND: x86(default/linux/x86/17.0) ['>=dev-ruby/ruby_dep-1.2:1[ruby_targets_ruby23]']
> dependency.bad dev-ruby/listen/listen-3.1.5-r2.ebuild: DEPEND: x86(default/linux/x86/17.0/desktop) ['>=dev-ruby/ruby_dep-1.2:1[ruby_targets_ruby23]', 'dev-ruby/thor[ruby_targets_ruby23]']
> dependency.bad dev-ruby/dalli/dalli-2.7.8-r1.ebuild: DEPEND: x86(default/linux/x86/17.0) ['<dev-ruby/activesupport-5.2[ruby_targets_ruby23]', 'dev-ruby/connection_pool[ruby_targets_ruby23]']
> dependency.bad dev-ruby/dalli/dalli-2.7.8-r1.ebuild: DEPEND: x86(default/linux/x86/17.0/desktop) ['<dev-ruby/activesupport-5.2[ruby_targets_ruby23]', 'dev-ruby/connection_pool[ruby_targets_ruby23]']
> dependency.bad dev-ruby/dalli/dalli-2.7.8-r1.ebuild: DEPEND: x86(default/linux/x86/17.0/desktop/gnome) ['<dev-ruby/activesupport-5.2[ruby_targets_ruby23]', 'dev-ruby/connection_pool[ruby_targets_ruby23]']
Comment 20 Stabilization helper bot gentoo-dev 2018-06-01 21:00:09 UTC
An automated check of this bug failed - the following atoms are unknown:

dev-ruby/bcrypt-ruby-3.1.1
dev-ruby/railties-4.2.0

Please verify the atom list.
Comment 21 Stabilization helper bot gentoo-dev 2018-06-01 22:11:22 UTC
An automated check of this bug failed - repoman reported dependency errors (4 lines truncated): 

> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['dev-ruby/asciidoctor']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop) ['dev-ruby/asciidoctor']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.1.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['dev-ruby/asciidoctor']
Comment 23 Hans de Graaff gentoo-dev Security 2018-06-02 06:15:16 UTC
My suggestion from the ruby team would be to do for amd64 what other arches have done in the past: add a package use mask to dev-ruby/haml tests and thus avoid the whole dev-ruby/rails dependency tree. This is a security bug so we'll want this done quickly. That is not going to happen when we include dev-ruby/rails because I'm sure there are test failures and other surprises in there.

Instead we can whittle down the (ruby) list to just:

dev-ruby/asciimath-1.0.4 amd64 x86
dev-ruby/haml-4.0.7-r1 amd64 x86
dev-ruby/temple-0.8.0 amd64 x86
dev-ruby/redcarpet-3.4.0 amd64 x86
dev-ruby/slim-3.0.9 amd64 x86
dev-ruby/asciidoctor-1.5.5-r1 amd64 x86

And add this to arch/amd64/package.use.mask:

<dev-ruby/haml-5 test
Comment 24 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-06-02 13:50:07 UTC
amd64 stable
Comment 25 Thomas Deutschmann (RETIRED) gentoo-dev 2018-06-06 23:28:47 UTC
x86 stable
Comment 26 Markus Meier gentoo-dev 2018-06-11 17:57:44 UTC
arm stable
Comment 27 Tobias Klausmann (RETIRED) gentoo-dev 2018-06-19 17:29:50 UTC
Stable on alpha.
Comment 28 Larry the Git Cow gentoo-dev 2018-06-24 19:37:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa03bb86b2466d2073e15d039b7987e4923eb42e

commit aa03bb86b2466d2073e15d039b7987e4923eb42e
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 17:34:54 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 19:35:21 +0000

    dev-libs/libmaxminddb: stable 1.2.1 for ppc, bug #656806
    
    Bug: https://bugs.gentoo.org/656806
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"

 dev-libs/libmaxminddb/libmaxminddb-1.2.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 29 Larry the Git Cow gentoo-dev 2018-06-24 20:22:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b96da3217c713cb1beb16b9706617135ed671f0f

commit b96da3217c713cb1beb16b9706617135ed671f0f
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 19:50:36 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 20:20:29 +0000

    media-libs/bcg729: stable 1.0.4 for ppc64, bug #656806
    
    Bug: https://bugs.gentoo.org/656806
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 media-libs/bcg729/bcg729-1.0.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 30 Larry the Git Cow gentoo-dev 2018-07-01 09:11:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eec65765de4835187bd4b2bad59864bc715e3022

commit eec65765de4835187bd4b2bad59864bc715e3022
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-01 09:10:46 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-01 09:10:46 +0000

    dev-libs/libmaxminddb: stable 1.2.1 for ppc64, bug #656806
    
    Bug: https://bugs.gentoo.org/656806
    Package-Manager: Portage-2.3.41, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 dev-libs/libmaxminddb/libmaxminddb-1.2.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 31 Thomas Deutschmann (RETIRED) gentoo-dev 2018-07-20 09:54:20 UTC
Superseded by bug 661578.
Comment 32 Larry the Git Cow gentoo-dev 2018-07-23 18:59:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfef00f595518e7487655909daf0f492c760a85b

commit bfef00f595518e7487655909daf0f492c760a85b
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-23 18:53:01 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-23 18:53:01 +0000

    media-libs/bcg729: stable 1.0.4 for hppa, bug #656806
    
    Bug: https://bugs.gentoo.org/656806
    Package-Manager: Portage-2.3.43, Repoman-2.3.10
    RepoMan-Options: --include-arches="hppa"

 media-libs/bcg729/bcg729-1.0.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 33 Yury German Gentoo Infrastructure gentoo-dev 2019-03-11 06:19:42 UTC
GLSA Vote: No

Thank you all for your work.
Closing as [noglsa].