Multiple security vulnerabilities are fixed between the current stable (3.6.6) and 3.6.11 (CVE-2018-20683, CVE-2018-16976) 3.6.11 has been in tree since January with no reported bugs, and the current stable was stabilized 2.5 years ago... this is really bad. Please Cc arches. security@: I guess the best thing to do is file bugs for the two CVEs and make this one block them?
@Arch Teams, please stabilize =dev-vcs/gitolite-3.6.11.
amd64 stable
x86 stable
arm stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d48ca4261753c87952b602873fa2050d6a03333b commit d48ca4261753c87952b602873fa2050d6a03333b Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2019-07-29 15:51:10 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2019-07-29 15:51:30 +0000 dev-vcs/gitolite: Drop old versions Bug: https://bugs.gentoo.org/689794 Signed-off-by: Matt Turner <mattst88@gentoo.org> dev-vcs/gitolite/Manifest | 4 - .../files/gitolite-3.6.6-fix-shebang.patch | 23 ----- dev-vcs/gitolite/gitolite-3.6.10.ebuild | 102 --------------------- dev-vcs/gitolite/gitolite-3.6.6.ebuild | 99 -------------------- dev-vcs/gitolite/gitolite-3.6.7.ebuild | 99 -------------------- dev-vcs/gitolite/gitolite-3.6.8.ebuild | 102 --------------------- 6 files changed, 429 deletions(-)
GLSA Vote: No! Repository is clean, all done!