Summary: | <net-libs/mbedtls-{2.28.7,3.5.2}: multiple vulnerabilties | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Azamat H. Hackimov <azamat.hackimov> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ajak, azamat.hackimov, dlan |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/35079 | ||
Whiteboard: | B2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 923409 | ||
Bug Blocks: |
Description
Azamat H. Hackimov
2024-01-29 17:35:49 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8854f3a3ba8804ac498d25fa3ba419215b18d352 commit 8854f3a3ba8804ac498d25fa3ba419215b18d352 Author: Azamat H. Hackimov <azamat.hackimov@gmail.com> AuthorDate: 2024-01-29 17:48:33 +0000 Commit: Yixun Lan <dlan@gentoo.org> CommitDate: 2024-01-31 09:37:45 +0000 net-libs/mbedtls: drop 2.28.6, 3.5.1 Bug: https://bugs.gentoo.org/923279 Closes: https://github.com/gentoo/gentoo/pull/35079 Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com> Signed-off-by: Yixun Lan <dlan@gentoo.org> net-libs/mbedtls/Manifest | 2 - net-libs/mbedtls/mbedtls-2.28.6.ebuild | 104 --------------------------------- net-libs/mbedtls/mbedtls-3.5.1.ebuild | 96 ------------------------------ 3 files changed, 202 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9ee81cf0e4c6b4df223fff5732fba83a019e398 commit a9ee81cf0e4c6b4df223fff5732fba83a019e398 Author: Azamat H. Hackimov <azamat.hackimov@gmail.com> AuthorDate: 2024-01-29 17:47:16 +0000 Commit: Yixun Lan <dlan@gentoo.org> CommitDate: 2024-01-31 09:35:52 +0000 net-libs/mbedtls: add 2.28.7, 3.5.2 Fixes CVE-2024-23170, CVE-2024-23775 issues. Bug: https://bugs.gentoo.org/923279 Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com> Signed-off-by: Yixun Lan <dlan@gentoo.org> net-libs/mbedtls/Manifest | 2 + net-libs/mbedtls/mbedtls-2.28.7.ebuild | 104 +++++++++++++++++++++++++++++++++ net-libs/mbedtls/mbedtls-3.5.2.ebuild | 96 ++++++++++++++++++++++++++++++ net-libs/mbedtls/metadata.xml | 1 + 4 files changed, 203 insertions(+) since this is a security bug, please suggest new candidate for fast stabilization, I'd assume net-libs/mbedtls-2.28.7 ? thanks The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=d21ab1340ca6819c7fd7091b0fd62ce433aa6969 commit d21ab1340ca6819c7fd7091b0fd62ce433aa6969 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-09-22 07:17:18 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-09-22 07:17:27 +0000 [ GLSA 202409-14 ] Mbed TLS: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/886001 Bug: https://bugs.gentoo.org/923279 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202409-14.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) |