Summary: | app-emulation/ruffle: 'cargo audit' reports one or more bundled CRATES as vulnerable | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ionen |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/germangb/minimp3-rs/issues/29 | ||
See Also: | https://github.com/germangb/minimp3-rs/pull/38 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2022-08-06 15:28:24 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fed53f82a47f6c82d30a0c42575b840034516a04 commit fed53f82a47f6c82d30a0c42575b840034516a04 Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2022-12-12 05:47:32 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2022-12-12 07:12:31 +0000 app-emulation/ruffle: add 0_p20221212 To update wrt bug #86401, only slice-deque-0.3.0 issue remains which is waiting for minimp3's upstream (there is a migration PR but progress been kind of stalled). This replaces x11-clipboard by arboard and thus removes the need for old xcb crate and python-any-r1. Adjust X deps to be match what winit crate uses more closely. Arboard and winit have some degree of wayland support but this didn't work so well with ruffle yet from a quick try. Bug: https://bugs.gentoo.org/864010 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> app-emulation/ruffle/Manifest | 71 +++ app-emulation/ruffle/ruffle-0_p20221212.ebuild | 583 +++++++++++++++++++++++++ 2 files changed, 654 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=947742fff69af49cd9a5bd4b5f22313cd53acfc0 commit 947742fff69af49cd9a5bd4b5f22313cd53acfc0 Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2022-12-29 17:22:51 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2022-12-29 20:28:56 +0000 app-emulation/ruffle: drop vulnerable 0_p20221212 Bug: https://bugs.gentoo.org/864010 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> app-emulation/ruffle/Manifest | 49 --- app-emulation/ruffle/ruffle-0_p20221212.ebuild | 583 ------------------------- 2 files changed, 632 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a596739245e52bcd5e5c162b5543f35748ca6da commit 7a596739245e52bcd5e5c162b5543f35748ca6da Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2022-12-29 17:16:30 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2022-12-29 20:28:56 +0000 app-emulation/ruffle: add 0_p20221229 all done wrt bug #864010, minimp3 is no longer used and so neither is slice-deque (and no new vulns from cargo audit). Bug: https://bugs.gentoo.org/864010 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> app-emulation/ruffle/Manifest | 46 ++ app-emulation/ruffle/ruffle-0_p20221229.ebuild | 580 +++++++++++++++++++++++++ 2 files changed, 626 insertions(+) Thanks! All done then. |