CVE-2015-3282 through CVE-2015-3285 are Linux-specific and all versions in the repo are affected. CVE-2015-3286 is Solaris kernel-specific and only 1.6.12 is affected.
All of these are fixed in the release 1.6.13 which just came out. Haven't had the opportunity to test the patches from upstream to patch the versions in the Gentoo repo.
Advisories from upstream:
All affected ebuilds have been patched in their -r1s in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=526f3a75301840d7e04e436ca06aaa341b006d2c.
Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a
The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.
pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via
vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.
What version would you like to stabilize?
(In reply to Yury German from comment #4)
> What version would you like to stabilize?
1.6.14 looks too new, so 1.6.12-r1 seems to be a reasonable choice.
1.6.12-r1 stable for amd64 and x86.
CC'ing sparc team for STABLEREQ.
Sorry about that, mixed up keywording and stabilization in my head. Reverted my stabilization of 1.6.12-r1 for amd64 and x86.
Arches, please test and mark stable:
Target Keywords : "amd64 sparc x86"
Maintainer(s), please cleanup.
Security, please vote.
GLSA Vote: No
GLSA Vote: No
Maintainer(s), please drop the vulnerable version(s).
All vulnerable versions are removed from the tree.
Thank you all. Closing as noglsa.