The two ebuilds we currently have in the tree are affected by that. The version with the fix can be found here: https://github.com/gentoo/gentoo/pull/29428 Reproducible: Always We should likely update and drop the two others. Possibly making the whole package ~ only again.
Please let me know how to proceed with that. I guess we need a GLSA, drop the two (stable) and merge the new one (~). On top maybe a news item for users that this one is no longer stable.
Why wouldn't we stable the new one? CVE-2023-24486: A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
We could maybe just stable the new one. That would be faster than the usual 30 days, but maybe in this case it would be allowed. The whole story about making this non-stable again is something i wanted to do for some time, but we should not mix topics and first see about this one.
new package was merged, next step will be to drop the old stuff as proposed here https://github.com/gentoo/gentoo/pull/29873
(In reply to Henning Schild from comment #4) > new package was merged, next step will be to drop the old stuff as proposed > here > > https://github.com/gentoo/gentoo/pull/29873 But why would we do this and not stable the new one? Please just file a stablereq and have it block this bug.
(In reply to John Helmert III from comment #5) > (In reply to Henning Schild from comment #4) > > new package was merged, next step will be to drop the old stuff as proposed > > here > > > > https://github.com/gentoo/gentoo/pull/29873 > > But why would we do this and not stable the new one? Please just file a > stablereq and have it block this bug. I promise you no AT will ever stabilize it, because it's fetch-restricted.
No affected ebuilds in the tree any longer.
i think this one can be closed
