CVE requested from Mitre just now, release 1.1.0 expected soon.
Thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a666d0693261ff26090f2e000e16e52282a70d7 commit 4a666d0693261ff26090f2e000e16e52282a70d7 Author: Sebastian Pipping <sping@gentoo.org> AuthorDate: 2022-02-24 15:36:45 +0000 Commit: Sebastian Pipping <sping@gentoo.org> CommitDate: 2022-02-24 15:40:45 +0000 sys-apps/usbguard: 1.1.0 Bug: https://bugs.gentoo.org/833947 Signed-off-by: Sebastian Pipping <sping@gentoo.org> Package-Manager: Portage-3.0.30, Repoman-3.0.3 sys-apps/usbguard/Manifest | 1 + sys-apps/usbguard/usbguard-1.1.0.ebuild | 96 +++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+)
Thanks! Please cleanup when ready.
(In reply to Sam James from comment #3) > Thanks! Please cleanup when ready. I would like to wait a few days and see if we get bug reports about 1.1.0. Version 1.0.0 is only vulnerable where D-Bus is enabled and used. Let me add that info to the bug title and then we drop 1.0.0 in few days, okay?
(In reply to Sebastian Pipping from comment #4) > (In reply to Sam James from comment #3) > > Thanks! Please cleanup when ready. > > I would like to wait a few days and see if we get bug reports about 1.1.0. > Version 1.0.0 is only vulnerable where D-Bus is enabled and used. Let me > add that info to the bug title and then we drop 1.0.0 in few days, okay? Yes, if we are not ready to cleanup yet we're happy to defer to defer to maintainers here!
The regression at https://github.com/USBGuard/usbguard/issues/540 in 1.1.0 may be of interest, with regard to removal of 1.0.0. In case there is no 1.1.1 soon, we could backport the related pull request.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65a99533a3f0dc42fb8c466a2e87b4fac823ce0e commit 65a99533a3f0dc42fb8c466a2e87b4fac823ce0e Author: Sebastian Pipping <sping@gentoo.org> AuthorDate: 2022-03-15 20:45:44 +0000 Commit: Sebastian Pipping <sping@gentoo.org> CommitDate: 2022-03-15 20:47:13 +0000 sys-apps/usbguard: Drop vulnerable Bug: https://bugs.gentoo.org/833947 Signed-off-by: Sebastian Pipping <sping@gentoo.org> Package-Manager: Portage-3.0.30, Repoman-3.0.3 sys-apps/usbguard/Manifest | 1 - .../usbguard-1.0.0-bash-completion-configure.patch | 105 --------------------- .../files/usbguard-1.0.0-pthreads-link.patch | 36 ------- sys-apps/usbguard/usbguard-1.0.0-r2.ebuild | 100 -------------------- sys-apps/usbguard/usbguard-1.0.0-r4.ebuild | 102 -------------------- sys-apps/usbguard/usbguard-1.0.0-r5.ebuild | 103 -------------------- 6 files changed, 447 deletions(-)
Thanks, all done!