Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 548184 - net-news/canto-{curses,daemon} version bump needed
Summary: net-news/canto-{curses,daemon} version bump needed
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Sergey Popov
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: CVE-2013-7416
  Show dependency tree
 
Reported: 2015-04-29 19:34 UTC by Jack Miller
Modified: 2015-05-01 06:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jack Miller 2015-04-29 19:34:06 UTC 
The portage versions of canto-curses and canto-daemon are years out of date, unsupported and vulnerable (see #533654). I understand there is a lack of interest in maintaining these packages, but they really either need to be updated or removed completely.

I emailed the devs on the Changelog for canto-curses, who suggested that I file an official bug.

Reproducible: Always
Comment 1 Pacho Ramos gentoo-dev 2015-04-29 20:21:44 UTC 
Assigning to maintainer (and also CC treecleaners for the case they are not bumped to ensure the vulnerable versions are not kept)
Comment 2 Sergey Popov gentoo-dev 2015-05-01 06:52:33 UTC 
+*canto-daemon-0.9.1 (01 May 2015)
+
+  01 May 2015; Sergey Popov <pinkbyte@gentoo.org> -canto-daemon-0.8.2.ebuild,
+  +canto-daemon-0.9.1.ebuild:
+  Version bump, wrt bug #548184. Drop old vulnerable version, wrt bug #533654.
+  Thanks to Jack Miller <jack AT codezen.org> for discovering this issue

+*canto-curses-0.9.3 (01 May 2015)
+
+  01 May 2015; Sergey Popov <pinkbyte@gentoo.org> -canto-curses-0.8.4.ebuild,
+  +canto-curses-0.9.3.ebuild:
+  Version bump, wrt bug #548184. Drop old vulnerable version, wrt bug #533654.
+  Thanks to Jack Miller <jack AT codezen.org> for discovering this issue