Summary: | <dev-libs/libgcrypt-1.9.0: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, hanno, zlogene |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000453.html | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 767814 | ||
Bug Blocks: |
Description
John Helmert III
2021-01-19 23:19:32 UTC
Just to be clear here, CVE-2019-13627 seems to be the only fix that is not in currently available versions in Gentoo. We have 1.8.6 in stable and 1.8.7 in unstable.

1.9.0 is in the tree

x86 done

amd64 done

arm done

arm64 done

Unable to check for sanity:
> package masked: dev-libs/libgcrypt-1.9.0
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d554d368f2cc68c944b92c2a64be391ca272eac1

commit d554d368f2cc68c944b92c2a64be391ca272eac1
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-01-29 13:10:07 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-01-29 13:10:07 +0000

    dev-libs/libgcrypt: (security) bump to 1.9.1

    This includes a critical security fix on 1.9.0 (currently masked).

    Note that the mask on 1.9.0 currently forces a downgrade to
    the safe 1.8.x series.

    Bug: https://bugs.gentoo.org/767814
    Bug: https://bugs.gentoo.org/766213
    Closes: https://bugs.gentoo.org/766423
    Closes: https://bugs.gentoo.org/766429
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libgcrypt/Manifest | 2 +-
 .../libgcrypt/{libgcrypt-1.9.0.ebuild => libgcrypt-1.9.1.ebuild} | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

Unable to check for sanity:
> no match for package: dev-libs/libgcrypt-1.9.0
All sanity-check issues have been resolved

We'll just GLSA it with the other one.

Unable to check for sanity:
> no match for package: dev-libs/libgcrypt-1.9.1
Resetting sanity check; package list is empty or all packages are done.

Package list is empty or all packages have requested keywords.

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=65e8a66a03a13ff76fb2733745a316822ef89c7e

commit 65e8a66a03a13ff76fb2733745a316822ef89c7e
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:09:53 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:14 +0000

    [ GLSA 202210-13 ] libgcrypt: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/766213
    Bug: https://bugs.gentoo.org/795480
    Bug: https://bugs.gentoo.org/811900
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-13.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

GLSA released, all done!