ROOT version 6.9.03 and below is vulnerable to an authenticated shell
metacharacter injection in the rootd daemon resulting in remote code
@Maintainers please call for stabilization when ready.
New releases of ROOT 5.34, 6.10, and 6.12 will be out soon (early December).
When that happens, I will bump the packages and cleanup old versions.
The bug has been closed via the following commit(s):
Author: Guilherme Amadio <email@example.com>
AuthorDate: 2018-07-05 09:27:18 +0000
Commit: Guilherme Amadio <firstname.lastname@example.org>
CommitDate: 2018-07-05 11:05:00 +0000
sci-physics/root: drop old
Package-Manager: Portage-2.3.41, Repoman-2.3.9
sci-physics/root/Manifest | 1 -
.../root/files/root-5.28.00b-glibc212.patch | 11 -
sci-physics/root/files/root-5.32.00-cfitsio.patch | 13 -
sci-physics/root/files/root-5.32.00-chklib64.patch | 24 --
sci-physics/root/files/root-5.32.00-dotfont.patch | 58 ---
.../root/files/root-5.34.05-nobyte-compile.patch | 137 -------
sci-physics/root/files/root-5.34.13-unuran.patch | 40 --
sci-physics/root/files/root-5.34.26-ldflags.patch | 19 -
sci-physics/root/metadata.xml | 3 -
sci-physics/root/root-5.34.36.ebuild | 441 ---------------------
10 files changed, 747 deletions(-)
ROOT 5.34 is no longer in the tree. ROOT 6.12/06 has been available for a while, and was just bumped to 6.14/00, so no affected versions are in the tree anymore. Since no stable version is in the tree, I think this bug can now be closed. I've reopened to let the security team confirm before closing.