the new version is available from: http://libguestfs.org/download/hivex/ https://github.com/libguestfs/hivex/releases
Need to convert python eclass to python-r1 [1]; also python-2.6 is deprecated, and is removed from portage tree. [1] http://wiki.gentoo.org/wiki/Python-r1 http://wiki.gentoo.org/wiki/Project:Python/Eclasses
First test ebuild (temporarily on the old eclass): https://code.google.com/p/rion-overlay/source/browse/app-misc/hivex/hivex-1.3.11.ebuild
Please note that this is a security update: http://seclists.org/oss-sec/2014/q4/787
hanno, thank you for setting this as a security bug, and whiteboard. CVS Request as per URL provided for OSS.
*** Bug 530734 has been marked as a duplicate of this bug. ***
Adding URL: https://bugzilla.redhat.com/show_bug.cgi?id=1167756
app-misc/hivex-1.3.11 in tree
Maintainer(s): Please let us know when the ebuild is ready for stabilization, or call for stabilization.
CVE-2014-9273 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9273): lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive file, which triggers an out-of-bounds read or write.
It has been 30 days in the tree; so far no objections from maintainer. Calling for stabilization. Arches, please test and mark stable: =app-misc/hivex-1.3.11 Target Keywords : "amd64" Thank you!
amd64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Arches, thank you for your work. Maintainer(s), please drop the vulnerable version(s). New GLSA Request filed.
Cleanup is done
This issue was resolved and addressed in GLSA 201503-07 at https://security.gentoo.org/glsa/201503-07 by GLSA coordinator Kristian Fiskerstrand (K_F).