sys-apps/firejail version 0.9.44.2 is now available at https://firejail.wordpress.com/ Quote from News at above website: December 2016 – released Firejail 0.9.44.2 (Download). This is a maintenance and security release for version 0.9.44. We strongly encourage you to update the software.
is it correct, that we have old versions without fix for the CVE in the tree?
Multiple fixes: https://github.com/netblue30/firejail/commit/8b5b444c766b8d0592346decc6ed4a6d345e4f67 https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c @ Maintainer(s): Please bump to =sys-apps/firejail-0.9.44.2
0.9.44.2 has been submitted.
Please stabilize.
I will remove 0.9.38.2 as soon as 0.9.38.4 is stabilized as well.
amd64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
GLSA requested.
Quoting netblue30 (firejail developer) about 0.9.38: > The security problems fixed in 0.9.44.2 don't affect 0.9.38. They've > been introduced introduced after 0.9.38 release. However, I do have some > bug fixes, small things like vlc crashing and security improvements > coming. Also, I started backporting some new security features. I hope > to have the next LTS release out in early January. I have bumped 0.9.42.2 and removed 0.9.42. There's no vulnerable version in the tree. 0.9.38.4 LTS is in the tree with ~amd64 keyword. I will reopen bug 602034 to stabilize LTS version as well, but it's not related to this bug any more.
It appears upstream might have forgotten about one fix. I have backported <https://github.com/netblue30/firejail/commit/4f4e59c7529888339fe2337dc893984eb7833d01> in 0.9.38.4-r1.
(In reply to Amadeusz Żołnowski from comment #9) > It appears upstream might have forgotten about one fix. I have backported > <https://github.com/netblue30/firejail/commit/ > 4f4e59c7529888339fe2337dc893984eb7833d01> in 0.9.38.4-r1. Ready for stable?
Upstream said he's going to release this soon, maybe even today, so I think it's better wait for that. I'll update tomorrow.
Upstream has released 0.9.38.6 with the security fix. I have split firejail into sys-apps/firejail-lts and sys-apps/firejail (bleeding-edge). Please stabilize sys-apps/firejail-0.9.38.6.
Please stabilize sys-apps/firejail-lts-0.9.38.6, not sys-apps/firejail-0.9.38.6. Sorry.
Stable on amd64.
This issue was resolved and addressed in GLSA 201612-48 at https://security.gentoo.org/glsa/201612-48 by GLSA coordinator Aaron Bauman (b-man).
