* CVE-2019-19917 Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.
* CVE-2019-19918 Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.
No revdeps, m-n, seems dead upstream based on the email thread at $URL. CCing treecleaner.
removing such a package over a triviality like this is most unethical.
(In reply to James Cloos from comment #2)
> removing such a package over a triviality like this is most unethical.

Patches welcome!
Package list is empty or all packages have requested keywords.
(In reply to James Cloos from comment #2)
> removing such a package over a triviality like this is most unethical.

That's not really an acceptable accusation, and you should apologize and take it back. The package is unmaintained both upstream and in Gentoo. If you want to change one or both of those, please be our guest. Unfortunately we're not equipped to handle every piece of software ever with our finite resources. I'd expect that you know that given the amount of time you've been around Gentoo, FreeDesktop, and free software in general.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6e5f6c2919ee7b524a94ba3164fcf3a07f3c158

commit a6e5f6c2919ee7b524a94ba3164fcf3a07f3c158
Author: Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2021-08-24 12:38:32 +0000
Commit: David Seifert <soap@gentoo.org>
CommitDate: 2021-08-24 12:38:32 +0000

    app-text/lout: Remove last-rited package

    Closes: https://bugs.gentoo.org/715936
    Bug: https://bugs.gentoo.org/752408
    Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
    Signed-off-by: David Seifert <soap@gentoo.org>

 app-text/lout/Manifest | 1 -
 app-text/lout/files/lout-3.38-makefile.patch | 33 -----------
 app-text/lout/lout-3.40.ebuild | 85 ----------------------------
 app-text/lout/metadata.xml | 8 ---
 profiles/package.mask | 5 -
 5 files changed, 132 deletions(-)
I guess no GLSA, given it's gone for almost a year? ;-)
Sure! All done.