https://notmuchmail.org/releases/notmuch-0.29.3.tar.xz * Fix for use-after-free in notmuch_config_list_{key,val}. * Fix for double close of file in notmuch-dump. Reproducible: Always
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7b44fa58efd3f42ff1186459a63c8c27e64e419 commit c7b44fa58efd3f42ff1186459a63c8c27e64e419 Author: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org> AuthorDate: 2019-11-27 23:10:29 +0000 Commit: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org> CommitDate: 2019-11-27 23:11:53 +0000 net-mail/notmuch: Bump to 0.29.3 Remove 0.29.2-r1 as 0.29.3 has the backported patch and one more additional fix. Bug: https://bugs.gentoo.org/701350 Package-Manager: Portage-2.3.76, Repoman-2.3.16 Signed-off-by: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org> net-mail/notmuch/Manifest | 1 + ...dump.c-Fix-output-file-being-closed-twice.patch | 20 ------- ...-Use-loopback-IP-address-rather-than-name.patch | 61 ++++++++++++++++++++++ ...much-0.29.2-r1.ebuild => notmuch-0.29.3.ebuild} | 1 - 4 files changed, 62 insertions(+), 21 deletions(-)
Gentoo Security Team, shall we stabilise now?
please stabilise =net-mail/notmuch-0.29.3
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e705c4ca0409cb296a8e79c5adccc633456d0406 commit e705c4ca0409cb296a8e79c5adccc633456d0406 Author: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org> AuthorDate: 2020-02-01 23:32:54 +0000 Commit: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org> CommitDate: 2020-02-01 23:37:04 +0000 net-mail/notmuch: Remove vulnerable versions Bug: https://bugs.gentoo.org/701350 Package-Manager: Portage-2.3.76, Repoman-2.3.16 Signed-off-by: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org> net-mail/notmuch/Manifest | 2 - ...-Use-loopback-IP-address-rather-than-name.patch | 61 ------ ...-Use-loopback-IP-address-rather-than-name.patch | 62 ------ .../0002-Fix-jobserver-unavailable-warning.patch | 26 --- net-mail/notmuch/notmuch-0.28.4.ebuild | 232 -------------------- net-mail/notmuch/notmuch-0.29.2.ebuild | 233 --------------------- 6 files changed, 616 deletions(-)
GLSA Vote: No! Repository is clean, all done.