Summary: | <x11-libs/libICE-1.0.9-r1: weak entropy usage in session keys | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | x11 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/ | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=611352 | ||
Whiteboard: | A1 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 611056 | ||
Bug Blocks: |
Description
Thomas Deutschmann (RETIRED)
2017-03-02 00:13:22 UTC
We will have to check, most Gentoo architectures shouldn't be affected due to
> elibc_glibc? ( dev-libs/libbsd )
libICE-1.0.9-r1 depends on libbsd, but it is not stabilized yet. We will need to do that. Stabilization will be handled in bug 611056. Vulnerable versions dropped: commit 8bd3d32950f98d616d97c0df66a841eb5c6f7f0c Author: Matt Turner <mattst88@gentoo.org> Date: Thu Mar 16 09:11:52 2017 -0700 x11-libs/libICE: Drop vulnerable versions. Bug: https://bugs.gentoo.org/611354 New GLSA request filed. This issue was resolved and addressed in GLSA 201704-03 at https://security.gentoo.org/glsa/201704-03 by GLSA coordinator Kristian Fiskerstrand (K_F). |