Summary: | <net-misc/curl-7.52.1: uninitialized random | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | blueness |
Priority: | Normal | Flags: | kensington:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://curl.haxx.se/docs/adv_20161223.html | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: |
=net-misc/curl-7.52.1-r1
=net-dns/libidn2-0.11
|
Runtime testing required: | --- |
Bug Depends on: | 581034, 604104 | ||
Bug Blocks: | 603370 |
Description
Thomas Deutschmann (RETIRED)
2016-12-23 12:11:31 UTC
@ Maintainer(s): Thank you for the bump! @ Arches, please test and mark stable: =net-misc/curl-7.52.1 Some arches still have to re-keyword curl itself _and_ =net-dns/libidn2-0.11 (including stabilization). =net-dns/libidn2-0.11 is already stable on all stable arches. amd64 stable (In reply to Aaron Bauman from comment #2) > =net-dns/libidn2-0.11 is already stable on all stable arches. No, this bug also covers re-keywording of net-misc/curl. I.e. alpha, ia64 and sparc still have to re-keyword net-misc/curl (keywords were dropped when new =net-dns/libidn2 dependency was introduced), including net-dns/libidn2. See depending bug and large blocking history. x86 stable Stopping stabilization due to upstream issue https://github.com/curl/curl/issues/1174 We will continue shortly after the rev bump including the patch landed in Gentoo repository. (In reply to Thomas Deutschmann from comment #6) > Stopping stabilization due to upstream issue > https://github.com/curl/curl/issues/1174 > > We will continue shortly after the rev bump including the patch landed in > Gentoo repository. Okay let's restart with curl-7.52.1-r1.ebuild. It fixes bug #604104. @ Arches, please test and mark stable: =net-misc/curl-7.52.1-r1 Some arches still have to re-keyword curl itself _and_ =net-dns/libidn2-0.11 (including stabilization). amd64 stable x86 stable Stable for HPPA PPC64. Stable on alpha. arm stable ppc stable ia64 stable sparc stable. Maintainer(s), please cleanup. Security, please vote. This issue was resolved and addressed in GLSA 201701-47 at https://security.gentoo.org/glsa/201701-47 by GLSA coordinator Thomas Deutschmann (whissi). @ Maintainer(s): Please cleanup and drop <net-misc/curl-7.52.1! I removed the vulnerable versions. |