Now dev-util/android-tools::gentoo affected to "CVE-2014-1909 android-tools: stack-based buffer overflow flaw in Android Debug Bridge (ADB) client" gentoo-bug https://bugs.gentoo.org/show_bug.cgi?id=500480 gentoo use android-tools-20130123git98d0789-2.fc20.src.rpm git commit "98d0789772b94b9b0c2aecfab74dc1a9283a91b1" old snapshot from fedora. And there are no updates since that time. But CVE-2014-1909 been fixed at git commit "b49bb5236637b35d20c97e10921e33cf9db39be8" branch "android-4.2.1_r1.2" four months ago (!!!) for details, see https://bugzilla.novell.com/show_bug.cgi?id=863074 diff from git commit "98d0789772b94b9b0c2aecfab74dc1a9283a91b1" to branch "android-4.2.1_r1.2" (not affected to CVE-2014-1909) git commit "b49bb5236637b35d20c97e10921e33cf9db39be8" https://android.googlesource.com/platform/system/core/+/98d0789772b94b9b0c2aecfab74dc1a9283a91b1..b49bb5236637b35d20c97e10921e33cf9db39be8/ diff from git commit "b49bb5236637b35d20c97e10921e33cf9db39be8" to branch "android-4.4_r1.2" git commit "3e453498083d3caa38f25d0ba6cc7c9829010bbc" https://android.googlesource.com/platform/system/core/+/98d0789772b94b9b0c2aecfab74dc1a9283a91b1..3e453498083d3caa38f25d0ba6cc7c9829010bbc/ Reproducible: Always Steps to Reproduce: 1. emerge --sync 2. emerge dev-util/android-tools::gentoo 3. Actual Results: You get affected to CVE-2014-1909 and old adb, fastboot Expected Results: Not affected to CVE-2014-1909 updated version adb, fastboot My ebuild use branch "android-4.4_r1.2" git commit "3e453498083d3caa38f25d0ba6cc7c9829010bbc" and get all sources from git. It is more likely that it should be named *9999.ebuild But I do not know how to do in this case more correctly Perhaps necessary to do our snapshot and use it?
*** This bug has been marked as a duplicate of bug 500480 ***