Summary: | <dev-db/virtuoso-{odbc,server}-6.1.8: multiple vulnerabilities | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | creffett, reavertm |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.openwall.com/lists/oss-security/2015/05/05/12 | | |
Whiteboard: | B3 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-05-06 08:36:06 UTC
Best I can do here is stable 6.1.8, since it at least got some of those fixes--we cannot move to 7 since upstream completely dropped non-amd64 support.

Arches, please stabilize:
=dev-db/virtuoso-odbc-6.1.8
=dev-db/virtuoso-server-6.1.8
Target arches: amd64 ppc ppc64 x86

(In reply to Chris Reffett from comment #1)
> Best I can do here is stable 6.1.8, since it at least got some of those
> fixes--we cannot move to 7 since upstream completely dropped non-amd64
> support.

This bug also affects EPEL6 (https://bugzilla.redhat.com/show_bug.cgi?id=1219016). They run 6.1.6 and I guess they will backport the security fixes. Do we want to give them an opportunity?

Sure.

This package has been masked for removal.

Packages removed from tree.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49c964c862865ba64f1a63508a8cc6ddf588e575
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b8e1118cc57cbd0f1d08eba405f8a3e6e62a84a

Please do not close security bugs. New GLSA Request filed.

Gentoo Security Padawan
ChrisADR

Very vague reports. Downgrading to B3 as no PoC for ACE/RCE.

NO CVE as per:
______________________________
We have not assigned CVE identifiers because the number of different crashes we saw was fairly large, and we could not completely understand how the RPC implementation is pieced together.
______________________________