Details at https://libexpat.github.io/doc/cve-2017-9233/ .
commit 2466807370676c8702e2512e1742cbf6a1aa1bd4 Author: Sebastian Pipping <sping@g.o> Date: Sat Jun 17 21:10:10 2017 +0200 dev-libs/expat: 2.2.1 (bug #622046) Package-Manager: Portage-2.3.6, Repoman-2.3.2 dev-libs/expat/Manifest | 1 + dev-libs/expat/expat-2.2.1.ebuild | 78 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) https://github.com/gentoo/gentoo/commit/2466807370676c8702e2512e1742cbf6a1aa1bd4
amd64 stable
x86 stable
Stable on alpha.
ppc stable
ppc64 stable
arm stable
ia64 stable
sparc stable
Arches, please finish stabilizing hppa Gentoo Security Padawan ChrisADR
arm64 done
hppa is done (thanks to Dakon)
@maintainer(s), please cleanup. GLSA Vote: No
(In reply to Aaron Bauman from comment #13) > @maintainer(s), please cleanup. I notice now that arches m68k, s390 and sh are stable on 2.2.0-r1 but not on 2.2.1. Are you sure we don't stabilize these arches any more and that 2.2.0-r1 can be removed already? # eshowkw Keywords for dev-libs/expat: | | u | | a a p a n r s | n | | l m h i p r m m i i s p | e u s | r | p d a p a p c x m i 6 o s 3 a | a s l | e | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o | p | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t | o ------------+---------------------------------+-------+------- 2.2.0-r1 | + + + + + + + + + ~ + o o + + + | 5 o 0 | gentoo 2.2.0-r2 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ ~ | 6 # | gentoo 2.2.1 | + + + + + + + + + ~ ~ o o ~ ~ + | 6 o | gentoo 2.2.2 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ ~ | 6 # | gentoo 2.2.3 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ ~ | 6 # | gentoo [I]2.2.4 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ ~ | 6 o | gentoo
(In reply to Sebastian Pipping from comment #14) > (In reply to Aaron Bauman from comment #13) > > @maintainer(s), please cleanup. > > I notice now that arches m68k, s390 and sh are stable on 2.2.0-r1 but not on > 2.2.1. Are you sure we don't stabilize these arches any more and that > 2.2.0-r1 can be removed already? > > > # eshowkw > Keywords for dev-libs/expat: > | | u | > | a a p a n r s | n | > | l m h i p r m m i i s p | e u s | r > | p d a p a p c x m i 6 o s 3 a | a s l | e > | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o | p > | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t | o > ------------+---------------------------------+-------+------- > 2.2.0-r1 | + + + + + + + + + ~ + o o + + + | 5 o 0 | gentoo > 2.2.0-r2 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ ~ | 6 # | gentoo > 2.2.1 | + + + + + + + + + ~ ~ o o ~ ~ + | 6 o | gentoo > 2.2.2 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ ~ | 6 # | gentoo > 2.2.3 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ ~ | 6 # | gentoo > [I]2.2.4 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ ~ | 6 o | gentoo Those arches no longer have stable profiles, so we are no longer obliged to maintain their depgraph.
(In reply to Michael Palimaka (kensington) from comment #15) > Those arches no longer have stable profiles, so we are no longer obliged to > maintain their depgraph. Alright! commit 2f110fc7f69c366f738bbe03b74157d503fde59b Author: Sebastian Pipping <sping@g.o> Date: Tue Sep 12 15:10:54 2017 +0200 dev-libs/expat: Remove old (bug 622046) Package-Manager: Portage-2.3.8, Repoman-2.3.3 dev-libs/expat/Manifest | 3 - dev-libs/expat/expat-2.2.0-r1.ebuild | 91 ---------------------- dev-libs/expat/expat-2.2.0-r2.ebuild | 83 -------------------- dev-libs/expat/expat-2.2.2.ebuild | 78 ------------------- dev-libs/expat/expat-2.2.3.ebuild | 78 ------------------- .../expat-2.1.1-CVE-2016-0718-regression.patch | 27 ------- 6 files changed, 360 deletions(-) https://github.com/gentoo/gentoo/commit/2f110fc7f69c366f738bbe03b74157d503fde59b
Thank you all. Closing as already voted as noglsa and tree is clean from vulnerable versions. Gentoo Security Padawan ChrisADR