Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 920682 - <dev-lang/erlang-26.2.1: Terrapin vulnerability
Summary: <dev-lang/erlang-26.2.1: Terrapin vulnerability
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.erlang.org/patches/otp-26...
Whiteboard: B3 [glsa? cleanup]
Keywords: PullRequest
Depends on: 920683
Blocks: CVE-2023-48795
  Show dependency tree
 
Reported: 2023-12-25 08:56 UTC by Matthew Smith
Modified: 2024-05-04 07:46 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Smith gentoo-dev 2023-12-25 08:56:50 UTC 
dev-lang/erlang-26.2.1 contains the mitigation for the Terrapin vulnerability.
Comment 1 Larry the Git Cow gentoo-dev 2023-12-25 09:03:30 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eebdfb3943fe789c6fdaf1e87f2e774d38c70521

commit eebdfb3943fe789c6fdaf1e87f2e774d38c70521
Author:     Matthew Smith <matthew@gentoo.org>
AuthorDate: 2023-12-25 09:02:55 +0000
Commit:     Matthew Smith <matthew@gentoo.org>
CommitDate: 2023-12-25 09:03:27 +0000

    dev-lang/erlang: add 26.2.1
    
    Bug: https://bugs.gentoo.org/920682
    Signed-off-by: Matthew Smith <matthew@gentoo.org>

 dev-lang/erlang/Manifest             |   1 +
 dev-lang/erlang/erlang-26.2.1.ebuild | 183 +++++++++++++++++++++++++++++++++++
 2 files changed, 184 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2024-04-23 13:11:07 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e84fe19de28ec79f89bc70312ee277133d540e8e

commit e84fe19de28ec79f89bc70312ee277133d540e8e
Author:     Matthew Smith <matthew@gentoo.org>
AuthorDate: 2024-04-19 07:35:18 +0000
Commit:     Matthew Smith <matthew@gentoo.org>
CommitDate: 2024-04-23 13:10:29 +0000

    profiles: mask <dev-lang/erlang-26.2.1
    
    Previous versions contain vulnerabilities.
    
    Keep the old versions around for a month to give users more time to
    update.
    
    Bug: https://bugs.gentoo.org/920682
    Signed-off-by: Matthew Smith <matthew@gentoo.org>
    Closes: https://github.com/gentoo/gentoo/pull/36320
    Signed-off-by: Matthew Smith <matthew@gentoo.org>

 profiles/package.mask | 8 ++++++++
 1 file changed, 8 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2024-05-04 07:46:56 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83baaf51d64218386514f6b3300f3019009ca4a6

commit 83baaf51d64218386514f6b3300f3019009ca4a6
Author:     Haelwenn (lanodan) Monnier <contact@hacktivis.me>
AuthorDate: 2024-05-03 23:05:35 +0000
Commit:     Matthew Smith <matthew@gentoo.org>
CommitDate: 2024-05-04 07:45:15 +0000

    profiles/package.mask: Fix over-reaching mask on dev-lang/elixir
    
    dev-lang/elixir-1.14.5-r2 is compatible with erlang-26.2
    
    Bug: https://bugs.gentoo.org/920682
    Signed-off-by: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
    Signed-off-by: Matthew Smith <matthew@gentoo.org>

 profiles/package.mask | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)