www-apps/phprojekt is an abandoned project upstream and includes the vulnerable ZendFramework 1.10.7 in phprojekt-6.1.2 Suggest tree cleaning this security vulnerable package.
@Maintainers ping. Zend Framework is already removed from tree.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8811e877bda00b74a3d541305d868df55d3dfb64 commit 8811e877bda00b74a3d541305d868df55d3dfb64 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2018-07-23 14:08:24 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2018-07-23 14:10:00 +0000 www-apps/phprojekt: Package Removal Bug: https://bugs.gentoo.org/650936 profiles/package.mask | 4 --- www-apps/phprojekt/Manifest | 1 - www-apps/phprojekt/files/postinstall-6-en.txt | 9 ------ www-apps/phprojekt/metadata.xml | 11 -------- www-apps/phprojekt/phprojekt-6.1.2.ebuild | 40 --------------------------- 5 files changed, 65 deletions(-)
Oops, sorry, I closed a security bug before noticing that it was a security bug. But then again, now that the package is removed, there's nothing left to do, right?
Package was stable on x86 so we have to write a removal GLSA, new request filed.
This issue was resolved and addressed in GLSA 201811-05 at https://security.gentoo.org/glsa/201811-05 by GLSA coordinator Thomas Deutschmann (whissi).