Bug 539468

Summary:	<dev-vcs/fossild-20150119112900: Vulnerable to POODLE SSL 3.0 vulnerability as described in CVE-2014-3566
Product:	Gentoo Security	Reporter:	David Flogeras <dflogeras2>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	rafaelmartins, titanofold
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.fossil-scm.org/download.html
Whiteboard:	B4 [noglsa]
Package list:		Runtime testing required:	---

Description David Flogeras 2015-02-09 13:53:57 UTC

There is a new version available here:

http://www.fossil-scm.org/download.html

It does mention that it includes a fix for an SSL CVE (see near the bottom of release notes)

Simply renaming the dev-vcs/fossil-20140612172556.ebuild worked here.  I have compiled and ran it on amd64, x86, and arm (armv6j rpi and armv7a cubieboard2).

Reproducible: Always

Comment 1 Rafael Martins (RETIRED) gentoo-dev

2015-02-11 23:43:15 UTC

bumped to =dev-vcs/fossil-20150119112900. feel free to stabilize it.

Comment 2 Yury German Gentoo Infrastructure

2015-02-16 03:27:09 UTC

Arches, please test and mark stable:

=dev-vcs/fossild-20150119112900

Target Keywords : "amd64 x86"

Thank you!

Comment 3 Andreas Schürch gentoo-dev

2015-02-23 19:48:53 UTC

x86 done.

Comment 4 Agostino Sarubbo gentoo-dev

2015-02-24 09:39:20 UTC

amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 5 Rafael Martins (RETIRED) gentoo-dev

2015-02-27 01:36:26 UTC

(In reply to Agostino Sarubbo from comment #4)
> amd64 stable.
> 
> Maintainer(s), please cleanup.
> Security, please vote.

removed. thanks

Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev

2015-03-18 22:09:39 UTC

GLSA Vote: No

Comment 7 Mikle Kolyada (RETIRED) archtester

2015-03-18 22:11:18 UTC

GLSA vote: no.

Closing as [noglsa]