Summary: | <dev-util/xdelta-3.0.10: buffer overflow | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | mgorny |
Priority: | Normal | Flags: | kensington:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/02/08/1 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: |
=dev-util/xdelta-3.0.11
|
Runtime testing required: | No |
Description
Agostino Sarubbo
2016-02-11 10:38:57 UTC
Please stabilize it. First version containing the fix which hit the repository was =dev-util/xdelta-3.0.10. Slot 3 current stable version is =dev-util/xdelta-3.1.0. New GLSA created. @ Maintainer(s): Please cleanup <dev-util/xdelta-3.0.10. Wait, I missed that mgorny committed directly into stable with a mask. So following maintainer comment #1 and calling for stable: @ Arches, please test and mark stable: =dev-util/xdelta-3.0.11 (In reply to Thomas Deutschmann from comment #3) > Wait, I missed that mgorny committed directly into stable with a mask. Yeah, sorry about that, repoman didn't catch it. Fixed now. Stable on alpha. amd64 stable x86 stable readded alpha as the arch was not marked stable. ppc64 stable Stable on alpha. sparc stable Stable for HPPA. ppc stable This issue was resolved and addressed in GLSA 201701-40 at https://security.gentoo.org/glsa/201701-40 by GLSA coordinator Aaron Bauman (b-man). Pending stable on ia64 (not security supported) and then we can cleanup the vulnerable ebuilds. ia64 stable. Maintainer(s), please cleanup. |