Summary: | <x11-libs/libXfont2-2.0.2, <x11-libs/libXfont-1.5.3: multiple vulnerabilities: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | x11 |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | Flags: | stable-bot:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id={1500690,1500693} | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: |
=x11-libs/libXfont2-2.0.2
=x11-libs/libXfont-1.5.3
|
Runtime testing required: | --- |
Description
D'juan McDonald (domhnall)
2017-10-11 19:15:54 UTC
Note that libXfont and libXfont2 are two different packages here. commit 24a749d3dbff9d0697ad6ab5b86469eb3fd265be Author: Manuel Rüger <mrueg@gentoo.org> Date: Wed Oct 11 22:18:29 2017 +0200 x11-libs/libXfont2: Version bump to 2.0.2 Package-Manager: Portage-2.3.11, Repoman-2.3.3 (and we have libXfont package still in tree too, to be patched or something..).. so... separate bugs with a tracker? (In reply to Manuel Rüger from comment #2) >x11-libs/libXfont2: Version bump to 2.0.2 > Package-Manager: Portage-2.3.11, Repoman-2.3.3 ...that was fast, thank you. Call stable when ready, please. Please proceed :) Meh, this should have been separated. ppc/ppc64 stable x86 stable Adding missing architectures. amd64 stable hppa stable ia64 stable tatt report for sparc: USE='-bzip2 -doc -ipv6 -static-libs -truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='-bzip2 doc ipv6 -static-libs -truetype' : REQUIRED_USE not satisfied (probably) USE='bzip2 -doc -ipv6 static-libs -truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='-bzip2 doc -ipv6 static-libs -truetype' : REQUIRED_USE not satisfied (probably) USE='bzip2 -doc -ipv6 -static-libs truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='bzip2 -doc ipv6 -static-libs truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='bzip2 doc ipv6 -static-libs truetype' : REQUIRED_USE not satisfied (probably) USE='-bzip2 -doc -ipv6 static-libs truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='-bzip2 doc -ipv6 static-libs truetype' : REQUIRED_USE not satisfied (probably) USE='-bzip2 -doc ipv6 static-libs truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='bzip2 -doc ipv6 static-libs truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='bzip2 doc ipv6 static-libs truetype' : REQUIRED_USE not satisfied (probably) FEATURES= test succeeded for =x11-libs/libXfont2-2.0.2 USE='-bzip2 -doc -ipv6 -static-libs -truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='-bzip2 doc -ipv6 -static-libs -truetype' : REQUIRED_USE not satisfied (probably) USE='-bzip2 -doc ipv6 -static-libs -truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='bzip2 -doc ipv6 -static-libs -truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='bzip2 -doc -ipv6 static-libs -truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='-bzip2 -doc ipv6 -static-libs truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='bzip2 -doc ipv6 -static-libs truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='-bzip2 doc ipv6 -static-libs truetype' : REQUIRED_USE not satisfied (probably) USE='-bzip2 -doc -ipv6 static-libs truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='bzip2 -doc ipv6 static-libs truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='bzip2 doc ipv6 static-libs truetype' : REQUIRED_USE not satisfied (probably) FEATURES= test succeeded for =x11-libs/libXfont-1.5.3 FEATURES= test USE=' ' succeeded for x11-base/xorg-server FEATURES= test USE=' ' succeeded for x11-apps/bdftopcf FEATURES= test USE='server ' succeeded for net-misc/tigervnc FEATURES= test USE=' ' succeeded for x11-base/xorg-server sparc stable, thanks to Rolf Eike Beer Stable on alpha. @ Maintainer(s): Stabilization is complete, please clean the vulnerable versions from the tree. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b61b085c5df9cebc1b7ca642fa5864b8ab743ddf commit b61b085c5df9cebc1b7ca642fa5864b8ab743ddf Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2017-11-08 23:23:55 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2017-11-08 23:37:09 +0000 x11-libs/libXfont2: Drop vulnerable version Bug: https://bugs.gentoo.org/634044 x11-libs/libXfont2/Manifest | 1 - x11-libs/libXfont2/libXfont2-2.0.1.ebuild | 33 ------------------------------- 2 files changed, 34 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=252fdf82acdd1c6b9187e3b76c75e96e58dcd7e4 commit 252fdf82acdd1c6b9187e3b76c75e96e58dcd7e4 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2017-11-08 23:23:25 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2017-11-08 23:37:09 +0000 x11-libs/libXfont: Drop vulnerable version Bug: https://bugs.gentoo.org/634044 x11-libs/libXfont/Manifest | 1 - x11-libs/libXfont/libXfont-1.5.2.ebuild | 34 --------------------------------- 2 files changed, 35 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c1c02b4b226877cc1ea12bd46b2325472ac7410 commit 7c1c02b4b226877cc1ea12bd46b2325472ac7410 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2017-11-08 23:36:14 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2017-11-08 23:37:09 +0000 package.mask: Mask vulnerable versions of libXfont Bug: https://bugs.gentoo.org/634044 profiles/package.mask | 5 +++++ 1 file changed, 5 insertions(+)} WTF. Somehow arm@ never got added. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81db985d3c8042f98860e51f8e577adc92dac8c2 commit 81db985d3c8042f98860e51f8e577adc92dac8c2 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2017-11-09 01:37:18 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2017-11-09 01:38:05 +0000 Revert "x11-libs/libXfont: Drop vulnerable version" This reverts commit 252fdf82acdd1c6b9187e3b76c75e96e58dcd7e4. arm is not done yet. Bug: https://bugs.gentoo.org/634044 x11-libs/libXfont/Manifest | 1 + x11-libs/libXfont/libXfont-1.5.2.ebuild | 34 +++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aecc9566af962c283b3ef0ac98b28817f7f90d06 commit aecc9566af962c283b3ef0ac98b28817f7f90d06 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2017-11-09 01:37:11 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2017-11-09 01:37:34 +0000 Revert "x11-libs/libXfont2: Drop vulnerable version" This reverts commit b61b085c5df9cebc1b7ca642fa5864b8ab743ddf. arm is not done yet. Bug: https://bugs.gentoo.org/634044 x11-libs/libXfont2/Manifest | 1 + x11-libs/libXfont2/libXfont2-2.0.1.ebuild | 33 +++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+)} This issue was resolved and addressed in GLSA 201711-08 at https://security.gentoo.org/glsa/201711-08 by GLSA coordinator Aaron Bauman (b-man). re-opened for arm and cleanup. arm stable Vulnerable versions removed. |