Summary: | <app-portage/emerge-delta-webrsync-3.7.5: emerge*-webrsync accepts a revoked key | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michał Górny <mgorny> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | dev-portage, jaak |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | A2 [glsa+ cleanup] | | |
Package list: | =app-portage/emerge-delta-webrsync-3.7.5 | | |
Runtime testing required: | --- | | |

Description
Michał Górny
2018-01-31 15:23:42 UTC
Please review: https://gitweb.gentoo.org/proj/portage.git/commit/?id=ffd68477e5c1e1badf60c86ae221c90dad50390d

At a first glance, it should fix the immediate problem. However, I hate it because it's yet another part of duplicated code in this ugly thing.

Strict signature check is enabled since sys-apps/portage-2.3.22: https://gitweb.gentoo.org/proj/portage.git/commit/?id=ffd68477e5c1e1badf60c86ae221c90dad50390d

*** Bug 570734 has been marked as a duplicate of this bug. ***

Also fixed in app-portage/emerge-delta-webrsync-3.7.4: https://gitweb.gentoo.org/proj/portage.git/commit/?id=52d5d444ffb144911ca9b6e70b383405a8bd8af6

Please clean-up, version 2.3.8 : 0

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf2a7ad91461e9d48b8abc66726ab80d22d7209c

commit cf2a7ad91461e9d48b8abc66726ab80d22d7209c
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2019-03-12 07:37:29 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2019-03-12 07:39:36 +0000

    sys-apps/portage: remove version 2.3.8

    Bug: https://bugs.gentoo.org/646212
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 sys-apps/portage/Manifest | 1 -
 sys-apps/portage/portage-2.3.8.ebuild | 244 ----------------------------------
 2 files changed, 245 deletions(-)

@arches, please stabilize. Stable candidate should now be emerge-delta-webrsync-3.7.5.

amd64 stable

x86 stable

alpha stable

ia64 stable

ppc stable

@portage, please drop vulnerable.

This issue was resolved and addressed in GLSA 201904-11 at https://security.gentoo.org/glsa/201904-11 by GLSA coordinator Aaron Bauman (b-man).
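
The failure named in the bug summary, accepting a signature made by a revoked key, can be avoided by deciding on GnuPG's machine-readable status lines. The following is an added example, not the code from the Portage commits linked above: the function names, key ID, user ID and file names are constructed, and the set of rejected keywords is an assumption about what a strict check should cover.

```shell
#!/bin/sh
# Added example. Function names, key ID and user ID are constructed.

# Read GnuPG status lines (as written by `gpg --status-fd`) on stdin.
# Succeed only if a GOODSIG line is present and no line reports a bad,
# expired or revoked signature or signing key.
strict_sig_ok() {
    sso_good=0
    while IFS= read -r sso_line || [ -n "$sso_line" ]; do
        case "$sso_line" in
            "[GNUPG:] "*) ;;          # status line, inspect it
            *) continue ;;            # anything else is ignored
        esac
        sso_kw=${sso_line#"[GNUPG:] "}
        sso_kw=${sso_kw%% *}          # first word is the status keyword
        case "$sso_kw" in
            GOODSIG) sso_good=1 ;;
            REVKEYSIG|EXPKEYSIG|EXPSIG|BADSIG|ERRSIG) return 1 ;;
        esac
    done
    [ "$sso_good" -eq 1 ]
}

# Constructed status output for a signature from a valid key.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Release Key <release@example.invalid>
[GNUPG:] TRUST_ULTIMATE 0 pgp'

# Constructed status output for a signature from a revoked key:
# GnuPG reports REVKEYSIG in place of GOODSIG.
SAMPLE_REVOKED='[GNUPG:] NEWSIG
[GNUPG:] KEYREVOKED
[GNUPG:] REVKEYSIG 0123456789ABCDEF Example Release Key <release@example.invalid>'

# Feed a sample through the checker; exit status is the verdict.
check_sample() { printf '%s\n' "$1" | strict_sig_ok; }

for sample in "$SAMPLE_GOOD" "$SAMPLE_REVOKED"; do
    if check_sample "$sample"; then echo "accept"; else echo "reject"; fi
done

# Real use (file names are placeholders):
#   gpg --batch --status-fd 1 --verify snapshot.tar.xz.gpgsig snapshot.tar.xz \
#       2>/dev/null | strict_sig_ok || exit 1
```

Empty status output is rejected as well, so a verification step that produces no status lines at all does not count as a pass.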