Contains only a small (security) bug fix over 0.32.6. Please stabilize.
Stable for HPPA PPC64.
Stable on alpha.
Does anyone have any more information then here?
There is no information I could find (although a quick search) on what the vulnerability is.
(In reply to Yury German from comment #9)
> Does anyone have any more information then here?
> There is no information I could find (although a quick search) on what the
> vulnerability is.
You can find more details in the commit message:
And in the original bugreport at
This can lead to at least a DoS on 32-bit x86 systems with ASLR disabled (maybe other configurations could be affected too) or even potential arbitrary code execution. I'm not aware of any real exploits or even PoC exploits, but this bug looked serious enough and had been fixed as soon as it was discovered.
Hope this helps.
Yes this helps a lot thank you!
We need to reverse stable on ia64, as that was never stable, and was made stable as part of this stabilization.
(In reply to Yury German from comment #11)
> Yes this helps a lot thank you!
> We need to reverse stable on ia64, as that was never stable, and was made
> stable as part of this stabilization.
Sorry should of been more clear - for Version: 0.33.4 Only. Not for 0.32.8 (that was stable)
done for ia64
Cleanup still needed. Please remove unstable 0.33.2
Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.
This issue was resolved and addressed in
GLSA 201612-37 at https://security.gentoo.org/glsa/201612-37
by GLSA coordinator Aaron Bauman (b-man).