Bug 701842 (CVE-2019-19330)

Comment 1 Sam James 2020-03-19 01:09:11 UTC

@maintainer(s), please advise if you are ready for stabilisation or call for stabilisation yourself (see also bug 699870).

Comment 2 Sam James 2020-03-27 23:26:48 UTC

Permission received from maintainer via IRC.

@arches, please stabilise (amd64, arm, ppc, x86).

Comment 3 Agostino Sarubbo 2020-03-30 13:14:47 UTC

amd64 stable

Comment 4 Agostino Sarubbo 2020-03-30 13:36:27 UTC

arm stable

Comment 5 Agostino Sarubbo 2020-03-30 13:42:01 UTC

x86 stable

Maybe we should have targeted the LTS branch 2.0.

(In reply to Tomáš Mózes from comment #6)
> Maybe we should have targeted the LTS branch 2.0.

I meant like having 2.1 in ~testing and 2.0 stable.

Comment 8 Christian Ruppert (idl0r) 2020-04-01 07:24:26 UTC

(In reply to Tomáš Mózes from comment #7)
> (In reply to Tomáš Mózes from comment #6)
> > Maybe we should have targeted the LTS branch 2.0.
> 
> I meant like having 2.1 in ~testing and 2.0 stable.

That's why 2.0.13 will be stabilized as well. I don't see a problem having both stabilized since both work pretty solid/stable for me.

Not really a problem, but probably no one will run 2.0 as the latest stable is 2.1 ;) If you just install/upgrade haproxy, then everybody will receive version 2.1, so is there a point of keeping both stable? 

But like I said, not really a problem, just my opinion.

Comment 10 GLSAMaker/CVETool Bot 2020-04-01 19:32:08 UTC

This issue was resolved and addressed in
 GLSA 202004-01 at https://security.gentoo.org/glsa/202004-01
by GLSA coordinator Thomas Deutschmann (whissi).

Comment 11 Thomas Deutschmann (RETIRED) 2020-04-01 19:32:44 UTC

Re-opening for remaining architectures.

Comment 12 ernsteiswuerfel 2020-04-05 22:08:20 UTC

Still fails to build on ppc due to bug #668002.

Comment 13 Yury German 2020-04-06 02:18:25 UTC

Newer Stabilization in progress, Please continue in Bug #715944

Comment 14 NATTkA bot 2020-04-24 09:20:47 UTC

Unable to check for sanity:

> no match for package: =net-proxy/haproxy-2.0.13

Comment 15 NATTkA bot 2020-04-30 09:01:28 UTC

All sanity-check issues have been resolved

Comment 16 Matt Turner 2020-05-23 19:20:36 UTC

ppc stable. all arches stable

Comment 17 NATTkA bot 2020-05-23 19:20:58 UTC

Unable to check for sanity:

> dependent bug #715944 is missing keywords

Comment 18 NATTkA bot 2020-05-23 19:24:51 UTC

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

Comment 19 Sam James 2020-05-23 22:36:35 UTC

@maintainer(s), please cleanup

Comment 20 Larry the Git Cow 2020-06-20 01:20:26 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22a7680ab28c28d7b7f100c83500c4630c848f12

commit 22a7680ab28c28d7b7f100c83500c4630c848f12
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-06-20 01:19:54 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-20 01:19:54 +0000

    net-analyzer/sarg: drop vulnerable
    
    Bug: https://bugs.gentoo.org/701842
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 net-analyzer/sarg/Manifest              |  1 -
 net-analyzer/sarg/sarg-2.3.11-r1.ebuild | 43 --------------------------------
 net-analyzer/sarg/sarg-2.3.11-r2.ebuild | 44 ---------------------------------
 3 files changed, 88 deletions(-)