Summary: | <sys-libs/gwenhywfar-4.19.0: bundling of outdated and potentially insecure root certificates | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gentoo, slawomir.nizio |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: |
sys-libs/gwenhywfar-4.19.0
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 640900, 644782 |
Description
Hanno Böck
2016-05-11 09:14:59 UTC
Update: upstream has fixed this in the latest beta versions. I'll wait till they become non-beta and will then update. Gwenhywfar 4.18.0 has been released (non-beta) including the fix. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82eb14efdb7e64341d631a7b9a7dfa6782a6305f commit 82eb14efdb7e64341d631a7b9a7dfa6782a6305f Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-02-12 22:44:14 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-02-12 23:50:09 +0000 sys-libs/gwenhywfar: 4.19.0 version bump Thanks-to: Thomas Bettler <thomas.bettler@gmail.com> Bug: https://bugs.gentoo.org/582740 Bug: https://bugs.gentoo.org/640900 Closes: https://bugs.gentoo.org/644782 Package-Manager: Portage-2.3.24, Repoman-2.3.6 sys-libs/gwenhywfar/Manifest | 1 + sys-libs/gwenhywfar/gwenhywfar-4.19.0.ebuild | 116 +++++++++++++++++++++++++++ sys-libs/gwenhywfar/metadata.xml | 17 ++-- 3 files changed, 128 insertions(+), 6 deletions(-)} Let's use this bug for stabilisation after the usual testing period. In fact I would like to schedule this with kmymoney-5.0.0 for 2018-03-12 if possible. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26b5e6901708132469ce69fa967a6e1d2882c484 commit 26b5e6901708132469ce69fa967a6e1d2882c484 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-04-06 00:38:47 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-04-06 00:42:00 +0000 sys-libs/gwenhywfar: Drop vulnerable and Qt4-based Bug: https://bugs.gentoo.org/582740 Closes: https://bugs.gentoo.org/644782 Package-Manager: Portage-2.3.28, Repoman-2.3.9 sys-libs/gwenhywfar/Manifest | 1 - sys-libs/gwenhywfar/gwenhywfar-4.15.3-r1.ebuild | 62 ------------------------- sys-libs/gwenhywfar/gwenhywfar-4.15.3.ebuild | 59 ----------------------- 3 files changed, 122 deletions(-)} ping sec GLSA Vote: No Thanks, Andreas! |