| Summary: | <net-wireless/hostapd-2.8 version bump | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Manfred Knick <Manfred.Knick> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | andrey_utkin, jstein, polynomial-c, zerochaos |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://w1.fi/ | | |
| Whiteboard: | A3 [glsa+ cleanup] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 688726 | | |
| Bug Blocks: | | | |

Description
Manfred Knick
2019-06-24 07:49:30 UTC
Version 2.8 "fixes various security vulnerabilities and other bugs"

Pushed commit 8d054f705eea755094454959dcbe730a7f18ae34. Sorry for not ref'ing the bug in commit message. A nice bonus is that libressl support is not broken :)

Not marking the bug as "resolved" because I don't know what is the workflow for security bugs.

Raised stablereq https://bugs.gentoo.org/688726

Dear Gentoo Security staff, I couldn't find any particular document describing stablereq-ing for security issue, so please amend the ticket as you see fit, maybe add SECURITY tag, or whatever.

@maintainer(s), please drop vulnerable

> @maintainer(s), please drop vulnerable

Got it now. However it was a coincidence that I paid attention to this message.
I actually came here interested in the title change:
"net-wireless/hostapd-2.8 version bump" -> "<net-wireless/hostapd-2.8 version bump"
bman, why change title? Isn't it confusing? Or is it a standard procedure for security bugs?

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a121e13f9fc8b4e1ac5df754a4279a03d0b4e84

commit 8a121e13f9fc8b4e1ac5df754a4279a03d0b4e84
Author: Andrey Utkin <andrey_utkin@gentoo.org>
AuthorDate: 2019-08-12 17:33:26 +0000
Commit: Andrey Utkin <andrey_utkin@gentoo.org>
CommitDate: 2019-08-12 17:34:21 +0000

net-wireless/hostapd: drop vulnerable old version 2.7

Bug: https://bugs.gentoo.org/688588
Package-Manager: Portage-2.3.66, Repoman-2.3.16
Signed-off-by: Andrey Utkin <andrey_utkin@gentoo.org>

net-wireless/hostapd/Manifest | 1 -
net-wireless/hostapd/hostapd-2.7-r2.ebuild | 266 -----------------------------
2 files changed, 267 deletions(-)

(In reply to Andrey Utkin from comment #6)
> > @maintainer(s), please drop vulnerable
>
> Got it now. However it was a coincidence that I paid attention to this
> message.
>
> I actually came here interested in the title change:
>
> "net-wireless/hostapd-2.8 version bump" -> "<net-wireless/hostapd-2.8
> version bump"
>
> bman, why change title? Isn't it confusing? Or is it a standard procedure
> for security bugs?

Andrey, we always track by the bug summary what versions are vulnerable. < simply lets us know that.

This issue was resolved and addressed in GLSA 201908-25 at https://security.gentoo.org/glsa/201908-25 by GLSA coordinator Aaron Bauman (b-man).