See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7542 It's about bundled deprecated certificates. Ideally the package should use the system-wide certificate store, but even the latest version doesn't do that. There's a new version 4.15.3 that I'll commit today. I'm currently trying to find out via the upstream mailing list if they intend to switch to the system-wide store or keep their own store up to date.
Update: upstream has fixed this in the latest beta versions. I'll wait till they become non-beta and will then update.
Gwenhywfar 4.18.0 has been released (non-beta) including the fix.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82eb14efdb7e64341d631a7b9a7dfa6782a6305f

commit 82eb14efdb7e64341d631a7b9a7dfa6782a6305f
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-02-12 22:44:14 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-02-12 23:50:09 +0000

    sys-libs/gwenhywfar: 4.19.0 version bump

    Thanks-to: Thomas Bettler <thomas.bettler@gmail.com>
    Bug: https://bugs.gentoo.org/582740
    Bug: https://bugs.gentoo.org/640900
    Closes: https://bugs.gentoo.org/644782
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 sys-libs/gwenhywfar/Manifest | 1 +
 sys-libs/gwenhywfar/gwenhywfar-4.19.0.ebuild | 116 +++++++++++++++++++++++++++
 sys-libs/gwenhywfar/metadata.xml | 17 ++--
 3 files changed, 128 insertions(+), 6 deletions(-)
Let's use this bug for stabilisation after the usual testing period.
In fact I would like to schedule this with kmymoney-5.0.0 for 2018-03-12 if possible.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26b5e6901708132469ce69fa967a6e1d2882c484

commit 26b5e6901708132469ce69fa967a6e1d2882c484
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-04-06 00:38:47 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-04-06 00:42:00 +0000

    sys-libs/gwenhywfar: Drop vulnerable and Qt4-based

    Bug: https://bugs.gentoo.org/582740
    Closes: https://bugs.gentoo.org/644782
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 sys-libs/gwenhywfar/Manifest | 1 -
 sys-libs/gwenhywfar/gwenhywfar-4.15.3-r1.ebuild | 62 -------------------------
 sys-libs/gwenhywfar/gwenhywfar-4.15.3.ebuild | 59 -----------------------
 3 files changed, 122 deletions(-)
ping sec
GLSA Vote: No

Thanks, Andreas!