From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-commits+bounces-697121-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (unknown [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id DD8B41381FA for <garchives@archives.gentoo.org>; Fri, 16 May 2014 14:15:38 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 62839E0BE4; Fri, 16 May 2014 14:15:38 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D9697E0BE4 for <gentoo-commits@lists.gentoo.org>; Fri, 16 May 2014 14:15:37 +0000 (UTC) Received: from flycatcher.gentoo.org (unknown [81.93.255.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 7823733FD17 for <gentoo-commits@lists.gentoo.org>; Fri, 16 May 2014 14:15:36 +0000 (UTC) Received: by flycatcher.gentoo.org (Postfix, from userid 2335) id 23E7B2004C; Fri, 16 May 2014 14:15:35 +0000 (UTC) From: "Tom Wijsman (tomwij)" <tomwij@gentoo.org> To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, tomwij@gentoo.org Subject: [gentoo-commits] gentoo-x86 commit in profiles: ChangeLog package.mask X-VCS-Repository: gentoo-x86 X-VCS-Files: ChangeLog package.mask X-VCS-Directories: profiles X-VCS-Committer: tomwij X-VCS-Committer-Name: Tom Wijsman Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Message-Id: <20140516141535.23E7B2004C@flycatcher.gentoo.org> Date: Fri, 16 May 2014 14:15:35 +0000 (UTC) Precedence: bulk List-Post: <mailto:gentoo-commits@lists.gentoo.org> List-Help: <mailto:gentoo-commits+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org> X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 7b69a40f-7781-48ec-9a06-2a389e751afd X-Archives-Hash: a685d8b8d4ebd90a36ee04085c8ae178 tomwij 14/05/16 14:15:35 Modified: ChangeLog package.mask Log: Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-0196. Revision Changes Path 1.8969 profiles/ChangeLog file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/ChangeLog?rev=1.8969&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/ChangeLog?rev=1.8969&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/ChangeLog?r1=1.8968&r2=1.8969 Index: ChangeLog =================================================================== RCS file: /var/cvsroot/gentoo-x86/profiles/ChangeLog,v retrieving revision 1.8968 retrieving revision 1.8969 diff -u -r1.8968 -r1.8969 --- ChangeLog 16 May 2014 11:10:17 -0000 1.8968 +++ ChangeLog 16 May 2014 14:15:34 -0000 1.8969 @@ -1,11 +1,15 @@ # ChangeLog for profile directory # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/profiles/ChangeLog,v 1.8968 2014/05/16 11:10:17 grozin Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/ChangeLog,v 1.8969 2014/05/16 14:15:34 tomwij Exp $ # # This ChangeLog should include records for all changes in profiles directory. # Only typo fixes which don't affect portage/repoman behaviour could be avoided # here. If in doubt put a record here! + 16 May 2014; Tom Wijsman <TomWij@gentoo.org> package.mask: + Mask gentoo-sources ebuilds that are affected with security bug + CVE-2014-0196. + 16 May 2014; Andrey Grozin <grozin@gentoo.org> package.mask: The masked version of gcl has been removed, removing the line in package.mask. 1.15693 profiles/package.mask file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/package.mask?rev=1.15693&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/package.mask?rev=1.15693&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/package.mask?r1=1.15692&r2=1.15693 Index: package.mask =================================================================== RCS file: /var/cvsroot/gentoo-x86/profiles/package.mask,v retrieving revision 1.15692 retrieving revision 1.15693 diff -u -r1.15692 -r1.15693 --- package.mask 16 May 2014 11:10:18 -0000 1.15692 +++ package.mask 16 May 2014 14:15:34 -0000 1.15693 @@ -1,5 +1,5 @@ #################################################################### -# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.15692 2014/05/16 11:10:18 grozin Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.15693 2014/05/16 14:15:34 tomwij Exp $ # # When you add an entry to the top of this file, add your name, the date, and # an explanation of why something is getting masked. Please be extremely @@ -30,6 +30,27 @@ #--- END OF EXAMPLES --- +# Tom Wijsman <TomWij@gentoo.org> (16 May 2014) +# Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-0196. +# +# The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through +# 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" +# case, which allows local users to cause a denial of service (memory corruption +# and system crash) or gain privileges by triggering a race condition involving +# read and write operations with long strings. +# +# https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-0196 +# +# 3.2.58 and 3.4.90 have revision bumps, for the other there are newer versions. +=sys-kernel/gentoo-sources-3.2.58 +~sys-kernel/gentoo-sources-3.4.89 +=sys-kernel/gentoo-sources-3.4.90 +~sys-kernel/gentoo-sources-3.10.39 +~sys-kernel/gentoo-sources-3.12.18 +~sys-kernel/gentoo-sources-3.12.19 +~sys-kernel/gentoo-sources-3.14.2 +~sys-kernel/gentoo-sources-3.14.3 + # Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> (14 May 2014) # Depends on libevdev which still needs keywording, bug #487944 >=x11-drivers/xf86-input-evdev-2.8.99