Summary: | <dev-libs/uriparser-0.9.6: multiple vulnerabilities | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | | |
Severity: | minor | CC: | sping |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | B3 [glsa?] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 830711 | | |
Bug Blocks: | | | |

Description
John Helmert III
2022-01-06 07:32:58 UTC

I guess you're officially faster than me :) Upstream release and Gentoo bump to 0.9.6 coming soon.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fe389bbf400ccbe9ee83697f55ddd9be611cac2

commit 6fe389bbf400ccbe9ee83697f55ddd9be611cac2
Author: Sebastian Pipping <sping@gentoo.org>
AuthorDate: 2022-01-06 20:15:00 +0000
Commit: Sebastian Pipping <sping@gentoo.org>
CommitDate: 2022-01-06 20:16:27 +0000

    dev-libs/uriparser: 0.9.6

    Bug: https://bugs.gentoo.org/830665
    Signed-off-by: Sebastian Pipping <sping@gentoo.org>
    Package-Manager: Portage-3.0.30, Repoman-3.0.3

 dev-libs/uriparser/Manifest | 1 +
 dev-libs/uriparser/uriparser-0.9.6.ebuild | 57 +++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)

Thanks! Please stable when ready.

(In reply to John Helmert III from comment #3)
> Thanks! Please stable when ready.

Green light from my side. How do I unlock the editbox with the package atom to stabilize in a security ticket like this one? Should I add arch teams (amd64 arm arm64 ppc sparc x86) for CC, only?

You should file a separate bug and block this one as described here: https://archives.gentoo.org/gentoo-dev-announce/message/66f1227144d451eac3c1f641771be557

(In reply to John Helmert III from comment #5)
> You should file a separate bug and block this one as described here:
> https://archives.gentoo.org/gentoo-dev-announce/message/66f1227144d451eac3c1f641771be557

I see, thanks!

Should I delete vulnerable 0.9.5 now?

(In reply to Sebastian Pipping from comment #7)
> Should I delete vulnerable 0.9.5 now?

Please do!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33289e80e5ad2ce3a26a4cc6f1964df258e0e9ac

commit 33289e80e5ad2ce3a26a4cc6f1964df258e0e9ac
Author: Sebastian Pipping <sping@gentoo.org>
AuthorDate: 2022-01-08 15:01:37 +0000
Commit: Sebastian Pipping <sping@gentoo.org>
CommitDate: 2022-01-08 15:01:37 +0000

    dev-libs/uriparser: Drop vulnerable <0.9.6

    Bug: https://bugs.gentoo.org/830665
    Signed-off-by: Sebastian Pipping <sping@gentoo.org>
    Package-Manager: Portage-3.0.30, Repoman-3.0.3

 dev-libs/uriparser/Manifest | 1 -
 dev-libs/uriparser/uriparser-0.9.5.ebuild | 57 -------------------------------
 2 files changed, 58 deletions(-)