This version now contains some security-relevant hardenings: https://www.veracrypt.fr/en/Release%20Notes.html Reproducible: Always
SECURITY Add this on all security related issues. ^ This is not a bug for the security team. Any reason why this bug is keyworded with SECURITY?
I guess we can assume these two to be of importance: Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck) Make sure password gets deleted in case of internal error when mounting volume (Reported and fixed by Hanno Böck) Re-keywording.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=203783d176b8f801bd640c5c1eaa372b6ea29e3e commit 203783d176b8f801bd640c5c1eaa372b6ea29e3e Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2019-12-19 22:42:33 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2019-12-19 22:48:27 +0000 app-crypt/veracrypt: bump to 1.24-Update2 Bug: https://bugs.gentoo.org/703340 Closes: https://bugs.gentoo.org/698936 Package-Manager: Portage-2.3.79, Repoman-2.3.18 Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org> app-crypt/veracrypt/Manifest | 1 + ...racrypt-1.24_p2-revert-wxwidgets-breakage.patch | 100 +++++++++++++++++ app-crypt/veracrypt/veracrypt-1.24_p2.ebuild | 120 +++++++++++++++++++++ 3 files changed, 221 insertions(+)
The new version runs smoothly here. Can the stabilization now be started for app-crypt/veracrypt-1.24_p2 ?
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df1ce05286d75dd247e17489b8dacb5a833bb45a commit df1ce05286d75dd247e17489b8dacb5a833bb45a Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2020-03-30 11:15:02 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2020-03-30 12:20:06 +0000 app-crypt/veracrypt: remove old Bug: https://bugs.gentoo.org/703340 Package-Manager: Portage-2.3.69, Repoman-2.3.14 Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org> app-crypt/veracrypt/Manifest | 3 - app-crypt/veracrypt/veracrypt-1.23.ebuild | 96 ---------------------- app-crypt/veracrypt/veracrypt-1.24-r1.ebuild | 117 --------------------------- app-crypt/veracrypt/veracrypt-1.24-r2.ebuild | 117 --------------------------- app-crypt/veracrypt/veracrypt-1.24.ebuild | 100 ----------------------- app-crypt/veracrypt/veracrypt-1.24_p1.ebuild | 117 --------------------------- 6 files changed, 550 deletions(-)
Older vulnerable versions are removed and the secure version is in stable. It should be safe to close this bug now.
(In reply to Göktürk Yüksek from comment #6) > Older vulnerable versions are removed and the secure version is in stable. > It should be safe to close this bug now. Great, thank you! We'll move it to the glsa? step.
