906798 – [Tracker] Vulnerabilities in sequoia-openpgp and buffered-reader crates

Bug 906798 - [Tracker] Vulnerabilities in sequoia-openpgp and buffered-reader crates

Summary: [Tracker] Vulnerabilities in sequoia-openpgp and buffered-reader crates

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:	Tracker

Depends on:	906799 906800 906801
Blocks:
	Show dependency tree

Reported:	2023-05-20 03:47 UTC by Sam James
Modified:	2023-06-19 01:15 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2023-05-20 03:47:19 UTC

See https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/

We need to upgrade the crates using e.g.
* cargo update -p buffered-reader --precise 1.2.0
* cargo update -p sequoia-openpgp --precise 1.16.0
and then update CRATES in the ebuilds, as well as applying a diff from ^ to update Cargo.lock.

Comment 1 Sam James archtester

2023-05-20 03:50:40 UTC

flow, I think it probably makes sense for us to share maintainership for all 3 of these?

Comment 2 Florian Schmaus gentoo-dev

2023-05-20 09:35:14 UTC

> flow, I think it probably makes sense for us to share maintainership for all 3 of these?

Of course. I'm glad to have you on board. I had not much time for sequoia lately.

Comment 3 Sam James archtester

2023-06-19 01:15:31 UTC

(thanks!)