Bug 602782 (CVE-2016-10164)

Comment 1 Tobias Klausmann (RETIRED) 2016-12-16 10:20:50 UTC

Stable on alpha.

Comment 2 Agostino Sarubbo 2016-12-16 10:48:11 UTC

amd64 stable

Comment 3 Agostino Sarubbo 2016-12-16 10:48:45 UTC

x86 stable

Comment 4 Markus Meier 2016-12-18 16:58:40 UTC

arm stable

Comment 5 Agostino Sarubbo 2016-12-19 14:45:36 UTC

sparc stable

Comment 6 Agostino Sarubbo 2016-12-19 15:21:03 UTC

ia64 stable

Comment 7 Agostino Sarubbo 2016-12-20 09:55:30 UTC

ppc stable

Comment 8 Agostino Sarubbo 2016-12-22 09:43:22 UTC

ppc64 stable

Comment 9 Jeroen Roovers (RETIRED) 2017-01-14 12:26:16 UTC

Stable for HPPA.

Comment 10 Matt Turner 2017-01-25 16:16:13 UTC

Just waiting on arm64@

Comment 11 Thomas Deutschmann (RETIRED) 2017-01-26 15:21:36 UTC

Thanks, we don't need to wait for arm64 to proceed.

New GLSA request filed.

Comment 12 Aaron Bauman (RETIRED) 2017-01-28 04:08:58 UTC

arm64 dropped due to being an unstable arch.  Please request stabilization in a new bug which does *not* block this bug.  This will impact cleanup later.

CVE Assignment:

http://seclists.org/oss-sec/2017/q1/190

Comment 13 GLSAMaker/CVETool Bot 2017-01-29 17:02:29 UTC

This issue was resolved and addressed in
 GLSA 201701-72 at https://security.gentoo.org/glsa/201701-72
by GLSA coordinator Thomas Deutschmann (whissi).

Comment 14 Thomas Deutschmann (RETIRED) 2017-01-29 17:04:30 UTC

Re-opening for cleanup.

@ Maintainer(s): Please cleanup and drop <x11-libs/libXpm-3.5.12!

Comment 15 Matt Turner 2017-01-29 17:35:35 UTC

Vulnerable versions have now been removed in

commit a99914d2265ba3dcb4fa6a4c680ebec84be69083
Author: Matt Turner <mattst88@gentoo.org>
Date:   Sun Jan 29 09:20:26 2017 -0800

    x11-libs/libXpm: Drop vulnerable versions.