In bug 629466 Jeroen Roovers found that net-dns/libidn is vulnerible to the same CVE that net-dns/libidn2 is. References: http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commit;h=e9e81b8063b095b02cf104bb992fa9bf9515b9d8 @Maintainer: Please state when this package is ready for stabilization as the patch has been added.
Needs another libidn commit, it seems. http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commit;h=6c8a9375641ca283b50f9680c90dcd57f9c44798
@arches, please stabilize.
amd64 stable
x86 stable
Stable on alpha.
arm stable
ia64 stable
arm64 stable
ppc stable
commit 498c8ad85ef008c556f801bd887af6270c105040 Author: Jeroen Roovers <jer@gentoo.org> Date: Sun Mar 4 14:22:16 2018 +0100 net-dns/libidn: Stable for HPPA too.
ppc64 done. last arch done
@Maintainer please proceed to clean tree from vulnerable versions. GLSA Vote: No
@maintainer, please clean the vulnerable.