tomwij 14/05/16 14:15:35 Modified: ChangeLog package.mask Log: Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-0196.
Revision Changes Path 1.8969 profiles/ChangeLog file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/ChangeLog?rev=1.8969&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/ChangeLog?rev=1.8969&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/ChangeLog?r1=1.8968&r2=1.8969 Index: ChangeLog =================================================================== RCS file: /var/cvsroot/gentoo-x86/profiles/ChangeLog,v retrieving revision 1.8968 retrieving revision 1.8969 diff -u -r1.8968 -r1.8969 --- ChangeLog 16 May 2014 11:10:17 -0000 1.8968 +++ ChangeLog 16 May 2014 14:15:34 -0000 1.8969 @@ -1,11 +1,15 @@ # ChangeLog for profile directory # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/profiles/ChangeLog,v 1.8968 2014/05/16 11:10:17 grozin Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/ChangeLog,v 1.8969 2014/05/16 14:15:34 tomwij Exp $ # # This ChangeLog should include records for all changes in profiles directory. # Only typo fixes which don't affect portage/repoman behaviour could be avoided # here. If in doubt put a record here! + 16 May 2014; Tom Wijsman <tom...@gentoo.org> package.mask: + Mask gentoo-sources ebuilds that are affected with security bug + CVE-2014-0196. + 16 May 2014; Andrey Grozin <gro...@gentoo.org> package.mask: The masked version of gcl has been removed, removing the line in package.mask. 1.15693 profiles/package.mask file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/package.mask?rev=1.15693&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/package.mask?rev=1.15693&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/package.mask?r1=1.15692&r2=1.15693 Index: package.mask =================================================================== RCS file: /var/cvsroot/gentoo-x86/profiles/package.mask,v retrieving revision 1.15692 retrieving revision 1.15693 diff -u -r1.15692 -r1.15693 --- package.mask 16 May 2014 11:10:18 -0000 1.15692 +++ package.mask 16 May 2014 14:15:34 -0000 1.15693 @@ -1,5 +1,5 @@ #################################################################### -# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.15692 2014/05/16 11:10:18 grozin Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.15693 2014/05/16 14:15:34 tomwij Exp $ # # When you add an entry to the top of this file, add your name, the date, and # an explanation of why something is getting masked. Please be extremely @@ -30,6 +30,27 @@ #--- END OF EXAMPLES --- +# Tom Wijsman <tom...@gentoo.org> (16 May 2014) +# Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-0196. +# +# The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through +# 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" +# case, which allows local users to cause a denial of service (memory corruption +# and system crash) or gain privileges by triggering a race condition involving +# read and write operations with long strings. +# +# https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-0196 +# +# 3.2.58 and 3.4.90 have revision bumps, for the other there are newer versions. +=sys-kernel/gentoo-sources-3.2.58 +~sys-kernel/gentoo-sources-3.4.89 +=sys-kernel/gentoo-sources-3.4.90 +~sys-kernel/gentoo-sources-3.10.39 +~sys-kernel/gentoo-sources-3.12.18 +~sys-kernel/gentoo-sources-3.12.19 +~sys-kernel/gentoo-sources-3.14.2 +~sys-kernel/gentoo-sources-3.14.3 + # Chí-Thanh Christopher Nguyễn <chith...@gentoo.org> (14 May 2014) # Depends on libevdev which still needs keywording, bug #487944 >=x11-drivers/xf86-input-evdev-2.8.99
