Created attachment 475058: CVE-2016-3189.patch
current app-arch/bzip2-1.0.6-r7 affected CVE-2016-3189
Thank you
commit fd4e6acf26c5766cfe17b4d1be223afcd0bab1e0 (HEAD -> master, origin/master, origin/HEAD)
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Sat Jun 3 13:48:46 2017

    app-arch/bzip2: Security revbump to fix CVE-2016-3189 (bug #620466).

    Package-Manager: Portage-2.3.6, Repoman-2.3.2
Arches please test and mark stable =app-arch/bzip2-1.0.6-r8 with target KEYWORDS: alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd
A duplicate of 586670. However, a READ issue in a command line tool is not considered CVE-worthy, so this is not a security issue at all.
amd64 stable
x86 stable
Stable on alpha.
ia64 stable
*** Bug 586670 has been marked as a duplicate of this bug. ***
New GLSA request filed.
arm stable
sparc stable
ppc64 stable
ppc stable
Arches or maintainers please stabilize for Hippo ASAP. Security will release GLSA for this in 7 days with or without hppa arch being stable.
This issue was resolved and addressed in GLSA 201708-08 at https://security.gentoo.org/glsa/201708-08 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architecture.
hppa stabilization (see Bug #629554). Maintainer(s), please drop the vulnerable version(s).
stable for hppa (thanks to Dakon). Last arch is done here.
Thank you. @Maintainers, please let us know when all vulnerable versions are dropped from tree. Gentoo Security Padawan ChrisADR
Maintainer(s), please drop the vulnerable version(s). New month (October), vulnerable version still in tree.
Cleaned up via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6eb83da9c38ad23a3dd6acdb8691dd51de94bc5. Repository is clean, all done.