Summary: | <sci-mathematics/octave-4.2.0: insecure internal package manager | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Fedja Beader <fedja> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | fedja, sci-mathematics |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://octave.1599824.n4.nabble.com/Insecure-downloading-of-octave-forge-packages-td4673520.html | ||
Whiteboard: | B4 [noglsa] | ||
Package list: |
=sci-mathematics/octave-4.2.0-r2 amd64 hppa ppc ppc64 x86
|
Runtime testing required: | --- |
Bug Depends on: | 603072, 604418, 604866 | ||
Bug Blocks: |
Description
Fedja Beader
2015-11-10 19:58:51 UTC
Upstream added http://hg.savannah.gnu.org/hgweb/octave/rev/453fca9ae397 This warning is present in v4.2.0. Like upstream said in $URL this isn't ideal but nothing more to do for us. @ Maintainer(s): Can we stabilize =sci-mathematics/octave-4.2.0 to push the warning down to our users? @ Arches, please test and mark stable: =sci-mathematics/octave-4.2.0-r2 Stopping stabilization due to open bugs. Can we take a look at the bugs please so we can close this bug. All vulnerable versions removed from tree. commit 8fc2192f2c98e1de3f9667d4d968141c6df8d55c Author: David Seifert <soap@gentoo.org> Date: Sun Jun 11 23:02:50 2017 +0200 sci-mathematics/octave: Remove old Thank you all for you work. Closing as [noglsa]. |