Summary: | <app-text/podofo-0.9.6_p20190928: Multiple vulnerabilities (CVE-2019-{9199,9687}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ajak, zmedico |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=614038 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =app-text/podofo-0.9.6_p20190928 | ||
Runtime testing required: | --- |
Bug Depends on: | 728090 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
2020-04-17 04:29:38 UTC
Both of these issues appear to have been fixed upstream:

CVE-2019-9199: https://sourceforge.net/p/podofo/code/1971/
CVE-2019-9687: https://sourceforge.net/p/podofo/code/1969/

Maintainer, please bump to a version with these commits (the latest of which was published on 2019-03-09).

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c44915514fc5b80618b0b048979d230a4668e7d

commit 1c44915514fc5b80618b0b048979d230a4668e7d
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-06-10 06:11:38 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-06-10 06:31:35 +0000

app-text/podofo: Bump to version 0.9.6_p20200526 (bug 717792)

Bug: https://bugs.gentoo.org/717792
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-text/podofo/Manifest | 1 +
app-text/podofo/podofo-0.9.6_p20200526.ebuild | 141 ++++++++++++++++++++++++++
2 files changed, 142 insertions(+)

Maintainer, let us know when ready for stabilization.

(In reply to Larry the Git Cow from comment #2)
> app-text/podofo: Bump to version 0.9.6_p20200526 (bug 717792)

Zac, please consider packaging a version before r2000 which I suspect is the one breaking scribus in bug 728090. Unless the latter can be easily solved of course.

(In reply to Andreas Sturmlechner from comment #4)
> (In reply to Larry the Git Cow from comment #2)
> > app-text/podofo: Bump to version 0.9.6_p20200526 (bug 717792)
>
> Zac, please consider packaging a version before r2000 which I suspect is the
> one breaking scribus in bug 728090. Unless the latter can be easily solved
> of course.
ping

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b74b2edcf1da679d241113cebbbcb1ba6ac7c0bb

commit b74b2edcf1da679d241113cebbbcb1ba6ac7c0bb
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-06-29 04:20:18 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-06-29 04:38:11 +0000

app-text/podofo: Bump to version 0.9.6_p20190928 (bug 717792)

Bug: https://bugs.gentoo.org/717792
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-text/podofo/Manifest | 1 +
app-text/podofo/podofo-0.9.6_p20190928.ebuild | 146 ++++++++++++++++++++++++++
2 files changed, 147 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb5d2536ee9fe7736ec040306021ff09a347cc4f

commit bb5d2536ee9fe7736ec040306021ff09a347cc4f
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-06-29 04:39:20 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-06-29 04:39:46 +0000

app-text/podofo: Remove 0.9.6_p20200526

This version broke scribus builds as reported in bug 728090.

Bug: https://bugs.gentoo.org/717792
Bug: https://bugs.gentoo.org/728090
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-text/podofo/Manifest | 1 -
app-text/podofo/podofo-0.9.6_p20200526.ebuild | 141 --------------------------
2 files changed, 142 deletions(-)

Unable to check for sanity:
> no match for package: =app-text/podofo-0.9.6_p20200526
Unable to check for sanity:
> disallowed package spec (only = allowed): =app-text/podofo-0.9.6_p20190928*
Let's stabilise it if no objections.

ppc stable

ppc64 stable

x86 stable

amd64 stable

hppa: ping

GLSA vote: no

dropped to ~hppa

Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2e032b980c8875c8956bd2223eeeba7d4fb190c

commit c2e032b980c8875c8956bd2223eeeba7d4fb190c
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-07-28 22:02:49 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-07-28 22:04:57 +0000

app-text/podofo: Remove vulnerable <0.9.6_p20190928

Bug: https://bugs.gentoo.org/717792
Package-Manager: Portage-3.0.1, Repoman-2.3.23
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-text/podofo/Manifest | 1 -
app-text/podofo/podofo-0.9.6_p20180715.ebuild | 146 --------------------------
2 files changed, 147 deletions(-)

Thanks! All done, closing.