Bug 587662 (CVE-2016-6128)

Comment 1 SpanKY 2016-07-04 01:47:50 UTC

hasn't seen a release yet.  there's some other various security fixes landing too before it'll be cut.

Comment 2 Aaron Bauman (RETIRED) 2016-07-04 03:49:13 UTC

Targeted release upstream is 2.2.3.

@SpanKY, sec team does not include version in bug title until an ebuild is present in tree.  Please do keep letting us know the targeted release though as it helps significantly.

Comment 3 Kristian Fiskerstrand (RETIRED) 2016-09-02 11:11:02 UTC

Arches, please stabilize:
=media-libs/gd-2.2.3
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Comment 4 Tobias Klausmann (RETIRED) 2016-09-02 19:21:50 UTC

Stable on alpha.

Comment 5 Jeroen Roovers (RETIRED) 2016-09-03 09:23:19 UTC

Stable for HPPA PPC64.

Comment 6 Agostino Sarubbo 2016-09-10 12:49:33 UTC

amd64 stable

Comment 7 Markus Meier 2016-09-24 19:17:47 UTC

arm stable

Comment 8 Agostino Sarubbo 2016-09-29 08:41:54 UTC

x86 stable

Comment 9 Agostino Sarubbo 2016-09-29 09:36:51 UTC

sparc stable

Comment 10 Agostino Sarubbo 2016-09-29 12:37:49 UTC

ppc stable

Comment 11 Agostino Sarubbo 2016-09-29 13:30:17 UTC

ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 12 Yury German 2016-10-31 05:58:33 UTC

Arches, Thank you for your work.

Maintainer(s), please drop the vulnerable version(s).

GLSA Vote: No

Comment 13 Markus Meier 2016-11-02 18:54:59 UTC

(In reply to Yury German from comment #12)
> Maintainer(s), please drop the vulnerable version(s).

Done.

Comment 14 Aaron Bauman (RETIRED) 2016-11-11 06:44:19 UTC

GLSA is not optional here.

Comment 15 GLSAMaker/CVETool Bot 2016-12-04 11:08:41 UTC

This issue was resolved and addressed in
 GLSA 201612-09 at https://security.gentoo.org/glsa/201612-09
by GLSA coordinator Aaron Bauman (b-man).