Comment 1 Vlastimil Babka (Caster) (RETIRED) 2010-04-27 08:59:58 UTC

Seems like the vulnerability is in jcodings, which is stable, but jruby not. I'm not sure if/how it can manifest in jcodings itself, or other reverse dependencies (which are however also jruby-related), besides through jruby.

Reverse DEPEND for dev-java/jcodings: dev-java/bytelist-1.0.2 dev-java/joni-1.1.3 dev-java/jruby-1.3.1-r1 dev-java/jruby-1.4.0-r4 dev-java/jruby-1.4.0-r5 dev-java/jruby-1.4.0-r6 dev-java/jvyamlb-0.2.5

Comment 2 Vlastimil Babka (Caster) (RETIRED) 2010-04-27 09:28:15 UTC

OK, bumped both jcodings and jruby (which was probably not necessary, but rather to avoid confusion) with updated dependency.

Arches please stabilize:
dev-java/jcodings-1.0.4

=dev-java/jcodings-1.0.4 builds fine on x86. Tested rdeps =dev-java/bytelist-1.0.2, =dev-java/joni-1.1.3 and =dev-java/jvyamlb-0.2.5 (jruby is not stable).
I don't know how to really test this, but the test suites of bytelist and jvyamlb didn't give any problems. I guess this is fine then.

Please mark =dev-java/jcodings-1.0.4 stable for x86.

Comment 4 Paweł Hajdan, Jr. (RETIRED) 2010-04-28 13:59:16 UTC

x86 stable, thanks Myckel

Comment 5 Markus Meier 2010-05-15 13:22:07 UTC

amd64 stable, all arches done.

Comment 6 Stefan Behte (RETIRED) 2010-05-22 10:38:05 UTC

Closing noglsa.