Summary: | <dev-python/cryptography-1.0.2: with python -O, openssl asserts are optimised out leading to undefined behaviour | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Justin Lecher (RETIRED) <jlec> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Justin Lecher (RETIRED)
2015-09-28 07:16:31 UTC
*** Bug 561694 has been marked as a duplicate of this bug. *** @arches, please keywords and stabilize dev-python/cryptography-1.0.2 dev-python/cryptography-vectors-1.0.2 dev-python/idna-2.0 dev-python/ipaddress-1.0.14 dev-python/cffi-1.2.1 For now I guess that this undefined behavior could lead to a crash. This also needs dev-python/pyasn1-0.1.8. All six stable on alpha. amd64 stable x86 stable Stable for HPPA PPC64. jlec, I have to remove mips@ from your stablereqs pretty often. Presumably you're not selecting with the "Add arches" button in bugzilla... maybe you need to update your script? (m68k, s390, and sh are also unstable) arm stable *** Bug 561372 has been marked as a duplicate of this bug. *** @arches, please proceed or we need to drop stable keywords. ppc stable sparc stable ia64 stable if we pass here we can increase the dep in the openstack packages https://review.openstack.org/#/c/244199/ passed, feel free to update the openstack packages to <=dev-python/cryptography-1.1-r9999 commit c3c2f1823de4a8a9c479c2c874a846c4de30d3d9 Author: Justin Lecher <jlec@gentoo.org> Date: Thu Nov 12 10:26:21 2015 +0100 dev-python/cryptography: Drop vulnerable versions Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=561696 obsoletes: Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=561604 Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=559648 Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=521796 Package-Manager: portage-2.2.23 Signed-off-by: Justin Lecher <jlec@gentoo.org> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3c2f1823de4a8a9c479c2c874a846c4de30d3d9 Tree is clean again. Arches and Maintainer(s), Thank you for your work. GLSA Vote: No Thank you all. Closing as noglsa. |