Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 539468 - <dev-vcs/fossild-20150119112900: Vulnerable to POODLE SSL 3.0 vulnerability as described in CVE-2014-3566
Summary: <dev-vcs/fossild-20150119112900: Vulnerable to POODLE SSL 3.0 vulnerability a...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.fossil-scm.org/download.html
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-09 13:53 UTC by David Flogeras
Modified: 2015-03-18 22:11 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David Flogeras 2015-02-09 13:53:57 UTC 
There is a new version available here:

http://www.fossil-scm.org/download.html

It does mention that it includes a fix for an SSL CVE (see near the bottom of release notes)

Simply renaming the dev-vcs/fossil-20140612172556.ebuild worked here.  I have compiled and ran it on amd64, x86, and arm (armv6j rpi and armv7a cubieboard2).

Reproducible: Always
Comment 1 Rafael Martins (RETIRED) gentoo-dev 2015-02-11 23:43:15 UTC 
bumped to =dev-vcs/fossil-20150119112900. feel free to stabilize it.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2015-02-16 03:27:09 UTC 
Arches, please test and mark stable:

=dev-vcs/fossild-20150119112900

Target Keywords : "amd64 x86"

Thank you!
Comment 3 Andreas Schürch gentoo-dev 2015-02-23 19:48:53 UTC 
x86 done.
Comment 4 Agostino Sarubbo gentoo-dev 2015-02-24 09:39:20 UTC 
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 5 Rafael Martins (RETIRED) gentoo-dev 2015-02-27 01:36:26 UTC 
(In reply to Agostino Sarubbo from comment #4)
> amd64 stable.
> 
> Maintainer(s), please cleanup.
> Security, please vote.

removed. thanks
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-03-18 22:09:39 UTC 
GLSA Vote: No
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-03-18 22:11:18 UTC 
GLSA vote: no.

Closing as [noglsa]