Summary: | <dev-libs/libgit2-0.24.2: two invalid memory accesses (CVE-2016-{8568,8569}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cynede, elvis, mrueg, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/10/08/2 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 599264 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2016-10-10 10:35:03 UTC
commit f9e4d518a020417d1cb9a0cd539f28bcb63e995b Author: Manuel Rüger <mrueg@gentoo.org> Date: Tue Oct 11 00:35:21 2016 +0200 dev-libs/libgit2: Security bump to 0.24.2 Gentoo-Bug: 596758 Package-Manager: portage-2.3.1 @arches please stabilize Needs to be cleaned up/updated for cleanup: app-editors/atom-1.10.2: =dev-libs/libgit2-0.23*:=[ssh] app-editors/atom-1.7.4-r4: =dev-libs/libgit2-0.23*:=[ssh] app-editors/atom-1.8.0-r1: =dev-libs/libgit2-0.23*:=[ssh] dev-libs/libgit2-glib-0.22.8: <dev-libs/libgit2-0.23 dev-libs/libgit2-glib-0.23.10-r1: <dev-libs/libgit2-0.24 dev-python/pygit2-0.20.3:RDEPEND="=dev-libs/libgit2-$(get_version_component_range 1-2)*" dev-python/pygit2-0.21.4-r1: =dev-libs/libgit2-$(get_version_component_range 1-2)* dev-python/pygit2-0.22.1: =dev-libs/libgit2-$(get_version_component_range 1-2)* dev-python/pygit2-0.23.0: =dev-libs/libgit2-$(get_version_component_range 1-2)* dev-python/pygit2-0.23.3: =dev-libs/libgit2-$(get_version_component_range 1-2)* dev-vcs/gitg-3.18.0-r1: <dev-libs/libgit2-glib-0.24.0 www-apps/blohg-0.13-r1: git? ( =dev-python/pygit2-0.20* ) www-apps/blohg-9999: git? ( =dev-python/pygit2-0.21* ) amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. CC'ing atom maintainers, please clean up your package. app-editors/atom-1.10.2: =dev-libs/libgit2-0.23*:=[ssh] app-editors/atom-1.7.4-r4: =dev-libs/libgit2-0.23*:=[ssh] app-editors/atom-1.8.0-r1: =dev-libs/libgit2-0.23*:=[ssh] app-editors/atom cleanup patch is here: https://github.com/gentoo/gentoo/pull/2836 @ Manuel: Still waiting for your cleanup. Cleaned: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b64de1489263019495731928a65665e3ab3daba GLSA Vote: No Reverting cleanup... please clean... (In reply to Aaron Bauman from comment #10) > please clean... dev-util/geany-plugins-1.25: git? ( <dev-libs/libgit2-0.23.0 ) Vulnerable versions cleaned up. |