Summary: | <net-libs/libyang-1.0.236: Multiple vulnerabilities (CVE-2021-{28902,28903,28904,28905,28906}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | jsmolic, pinkbyte, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | Flags: | nattka:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/21005 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: |
net-libs/libyang-1.0.236
|
Runtime testing required: | --- |
Description
Sam James
2021-05-22 01:49:05 UTC
All look fixed(?) upstream, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6491cbd55ee320a821c1f91aa08dda83071e1df commit a6491cbd55ee320a821c1f91aa08dda83071e1df Author: Jakov Smolic <jakov.smolic@sartura.hr> AuthorDate: 2021-05-24 13:22:38 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-05-26 12:34:56 +0000 net-libs/libyang: Seurity bump to 1.0.236 * Note that upstream didn't make a proper release, but has tagged version 1.0.236 in the commit, so let's just fetch the tarball using commit id Bug: https://bugs.gentoo.org/791373 Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr> Closes: https://github.com/gentoo/gentoo/pull/20966 Signed-off-by: Sam James <sam@gentoo.org> net-libs/libyang/Manifest | 1 + net-libs/libyang/libyang-1.0.236.ebuild | 46 +++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd49db32c2ce99b6326819023a0358d7b184dbb5 commit cd49db32c2ce99b6326819023a0358d7b184dbb5 Author: Jakov Smolic <jakov.smolic@sartura.hr> AuthorDate: 2021-05-27 08:15:21 +0000 Commit: Sergey Popov <pinkbyte@gentoo.org> CommitDate: 2021-05-27 09:45:17 +0000 net-libs/libyang: Security cleanup Closes: https://github.com/gentoo/gentoo/pull/21005 Bug: https://bugs.gentoo.org/791373 Signed-off-by: Sergey Popov <pinkbyte@gentoo.org> Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr> net-libs/libyang/Manifest | 2 -- net-libs/libyang/libyang-1.0.215.ebuild | 46 --------------------------------- net-libs/libyang/libyang-1.0.225.ebuild | 44 ------------------------------- 3 files changed, 92 deletions(-) GLSA request filed. This issue was resolved and addressed in GLSA 202107-54 at https://security.gentoo.org/glsa/202107-54 by GLSA coordinator John Helmert III (ajak). |