See $URL and bug 235770.
I assume I was added because I touched this package to fix a bug report submitted by a user. However, it was merely an attempt to improve QA in gentoo ;) I don't use this package so..meh.
I was only nuking built_with_use usage.
I just committed fwbuilder-3.0.3 which isn't affected anymore (at least, the affected script is gone in the new version and also debian doesn't have any special patch anymore for this version).
Arches, please test and mark stable: =net-firewall/fwbuilder-3.0.3 Target keywords : "amd64 ppc ppc64 sparc x86"
~ppc and ~ppc64 and removed us from CC. If the intent was to go to straight stable, then re-add us
@security: I dropped all keywords when bumping from 2.1 to 3.0. Please specify whether stable keywords are wanted (I assume yes). Please also note that alpha has 2.0 stable (which is also affected) but can't keyword >=2.1 because of the implicit java dependency (due to antlr). They agreed that their keyword gets dropped completely.
amd64/x86 stable
Arches, please test and mark stable: =net-firewall/fwbuilder-3.0.3 Target keywords : "amd64 ppc ppc64 sparc x86" Already stabled : "amd64 x86" Missing keywords: "ppc ppc64 sparc"
ppc stable
ppc64 done
sparc: ping
sparc keyword dropped from the vulnerable version. We'll probably keyword a new one (on bug #228621) when we have a working JDK. Sorry for the delay.
I think this might be related to bug #285861 , maybe it would be time to shake a bit this ebuild ?
GLSA Vote: yes.
glsa with #285861
Not in tree anymore
fwbuilder-3.0.3 is no longer in the tree. Closing as OBSOLETE.
Please do not close security bug--we need to publish a GLSA for this--thanks.
This issue was resolved and addressed in GLSA 201201-11 at http://security.gentoo.org/glsa/glsa-201201-11.xml by GLSA coordinator Sean Amoss (ackle).