Summary: | <dev-vcs/subversion-{1.8.15,1.9.3}: multiple vulnerabilities (CVE-2015-5259, CVE-2015-5343) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sergey Popov (RETIRED) <pinkbyte> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | polynomial-c, tommy |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Sergey Popov (RETIRED)
2015-12-09 05:34:27 UTC
Side note: branch 1.7 mentioned as vulnerable, but no release for it scheduled. @maintainers: Perhaps we should drop or mask 1.7 branch? This issue is public now @maintainers: ping about 1.7 branch - should we mask it? (In reply to Sergey Popov from comment #2) > This issue is public now > > @maintainers: ping about 1.7 branch - should we mask it? I suggest adding a mask for =1.7* and keeping it for a longer time, so people still using it also will get the message. For the version remaining in tree, the best is probably to remove it after fixed version became stable. Does security want to do the mask or should i do that? (In reply to Thomas Sachau from comment #3) > (In reply to Sergey Popov from comment #2) > > This issue is public now > > > > @maintainers: ping about 1.7 branch - should we mask it? > > I suggest adding a mask for =1.7* and keeping it for a longer time, so > people still using it also will get the message. > For the version remaining in tree, the best is probably to remove it after > fixed version became stable. Does security want to do the mask or should i > do that? If you could mask it that would be great. Do you intend to call for stabilization of 1.8.15 and 1.9.3? Added to existing GLSA. I have removed the 1.7 series from the tree. I leave the removal of the mask to the reporter. Mask for 1.7 branch was removed, waiting for cleanup old versions Cleanup was done This issue was resolved and addressed in GLSA 201610-05 at https://security.gentoo.org/glsa/201610-05 by GLSA coordinator Aaron Bauman (b-man). |