Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 906798

Summary: [Tracker] Vulnerabilities in sequoia-openpgp and buffered-reader crates
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: flow, sam
Priority: Normal Keywords: Tracker
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 906799, 906800, 906801    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-20 03:47:19 UTC 
See https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/

We need to upgrade the crates using e.g.
* cargo update -p buffered-reader --precise 1.2.0
* cargo update -p sequoia-openpgp --precise 1.16.0
and then update CRATES in the ebuilds, as well as applying a diff from ^ to update Cargo.lock.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-20 03:50:40 UTC 
flow, I think it probably makes sense for us to share maintainership for all 3 of these?
Comment 2 Florian Schmaus gentoo-dev 2023-05-20 09:35:14 UTC 
> flow, I think it probably makes sense for us to share maintainership for all 3 of these?

Of course. I'm glad to have you on board. I had not much time for sequoia lately.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-06-19 01:15:31 UTC 
(thanks!)