Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 712704 - net-p2p/fms should not depend on <net-libs/mbedtls-2.19.0 for security
Summary: net-p2p/fms should not depend on <net-libs/mbedtls-2.19.0 for security
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Stabilization (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Thomas Sachau
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: CVE-2019-16910
  Show dependency tree
 
Reported: 2020-03-15 14:35 UTC by Anthony Basile
Modified: 2020-03-27 18:00 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Anthony Basile gentoo-dev 2020-03-15 14:35:16 UTC 
We need to remove all versions <net-libs/mbedtls-2.19.0 for security, see bug #711180.  This means =net-p2p/fms-0.3.81.ebuild.

Reproducible: Always
Comment 1 Thomas Sachau gentoo-dev 2020-03-18 18:06:44 UTC 
net-p2p/fms-0.3.81 does not compile with the newer slot, so nothing i can do about that dependency. But i notified upstream about the issue and they released a new version, which works with the current version. I just added the new version and will remove the old version in a few days, if no major bugs are comming in.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-25 19:25:03 UTC 
(In reply to Thomas Sachau from comment #1)
> net-p2p/fms-0.3.81 does not compile with the newer slot, so nothing i can do
> about that dependency. But i notified upstream about the issue and they
> released a new version, which works with the current version. I just added
> the new version and will remove the old version in a few days, if no major
> bugs are comming in.

How're we doing on this front?
Comment 3 Thomas Sachau gentoo-dev 2020-03-27 17:38:06 UTC 
Old version dropped.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-27 18:00:40 UTC 
(In reply to Thomas Sachau from comment #3)
> Old version dropped.

Thanks!