Summary: | <dev-lang/mono-2.10.2-r1: multiple vulnerabilities (CVE-2010-4254,CVE-2011-{0989,0990,0991,0992}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | dotnet |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2011-06-25 12:57:07 UTC
www-plugins/moonlight is hardmasked Is mono-2.10.2 affected also? (In reply to comment #2) > Is mono-2.10.2 affected also? I looked at the commits and believe 2.10.2 has these fixes: https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0 https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac but not this fix: https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91 Am I close? ;) Yes, last one is the needed: +*mono-2.10.2-r1 (04 Jul 2011) + + 04 Jul 2011; Pacho Ramos <pacho@gentoo.org> -files/mono-2.2-libdir126.patch, + -files/mono-2.2-ppc-threading.patch, -files/mono-2.2-uselibdir.patch, + -files/mono-2.6.4-require-glib.patch, -mono-2.6.7.ebuild, + -files/mono-2.8.1-radegast-crash.patch, -mono-2.8.2-r1.ebuild, + -files/mono-2.8-libdir.patch, -mono-2.10.1-r1.ebuild, + -files/mono-2.10.1-libdir.patch, +mono-2.10.2-r1.ebuild, + +files/mono-2.10.2-threads-access.patch: + Fix security problem, bug #372983 by Tim Sammut. Remove old. + Feel free to add arches when you prefer, it looks to work ok for me Arches, please test and mark stable: =dev-lang/mono-2.10.2-r1 Target keywords : "amd64 ppc x86" amd64 ok x86 stable. Thanks amd64 all ok amd64 done. Thanks Agostino and Ian ppc stable, last arch done Thanks, everyone. GLSA request filed. This issue was resolved and addressed in GLSA 201206-13 at http://security.gentoo.org/glsa/glsa-201206-13.xml by GLSA coordinator Tobias Heinlein (keytoaster). |