tomwij 14/06/06 00:24:16 Modified: package.mask Log: Drop CVE-2014-0196 mask, its ebuilds are dropped; introduce preliminary CVE-2014-3153 mask, more revision bumps and masks for branches 3.2 and 3.4 will follow as those patches get backported (as well as mask for other branches pending stabilization).
Revision Changes Path 1.15762 profiles/package.mask file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/package.mask?rev=1.15762&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/package.mask?rev=1.15762&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/profiles/package.mask?r1=1.15761&r2=1.15762 Index: package.mask =================================================================== RCS file: /var/cvsroot/gentoo-x86/profiles/package.mask,v retrieving revision 1.15761 retrieving revision 1.15762 diff -u -r1.15761 -r1.15762 --- package.mask 5 Jun 2014 08:37:00 -0000 1.15761 +++ package.mask 6 Jun 2014 00:24:15 -0000 1.15762 @@ -1,5 +1,5 @@ #################################################################### -# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.15761 2014/06/05 08:37:00 pinkbyte Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.15762 2014/06/06 00:24:15 tomwij Exp $ # # When you add an entry to the top of this file, add your name, the date, and # an explanation of why something is getting masked. Please be extremely @@ -30,6 +30,24 @@ #--- END OF EXAMPLES --- +# Tom Wijsman <[email protected]> (16 May 2014) +# Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-3153. +# +# Pinkie Pie discovered an issue in the futex subsystem that allows a +# local user to gain ring 0 control via the futex syscall. An +# unprivileged user could use this flaw to crash the kernel (resulting +# in denial of service) or for privilege escalation. +# +# https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-3153 +# +# More revision bumps and masks will occur as soon as possible. +~sys-kernel/gentoo-sources-3.10.40 +=sys-kernel/gentoo-sources-3.10.41 +~sys-kernel/gentoo-sources-3.12.20 +=sys-kernel/gentoo-sources-3.12.21 +~sys-kernel/gentoo-sources-3.14.4 +=sys-kernel/gentoo-sources-3.14.5 + # Hans de Graaff <[email protected]> (2 Jun 2014) # Mask old slots and packages for removal in 30 days since SRC_URI # still points to rubyforge mirrors, bug 512132. These are all leaf @@ -146,27 +164,6 @@ # Masked for removal in 30 days, bug 505628. games-emulation/neopocott -# Tom Wijsman <[email protected]> (16 May 2014) -# Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-0196. -# -# The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through -# 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" -# case, which allows local users to cause a denial of service (memory corruption -# and system crash) or gain privileges by triggering a race condition involving -# read and write operations with long strings. -# -# https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-0196 -# -# 3.2.58 and 3.4.90 have revision bumps, for the other there are newer versions. -=sys-kernel/gentoo-sources-3.2.58 -~sys-kernel/gentoo-sources-3.4.89 -=sys-kernel/gentoo-sources-3.4.90 -~sys-kernel/gentoo-sources-3.10.39 -~sys-kernel/gentoo-sources-3.12.18 -~sys-kernel/gentoo-sources-3.12.19 -~sys-kernel/gentoo-sources-3.14.2 -~sys-kernel/gentoo-sources-3.14.3 - # Chí-Thanh Christopher Nguyễn <[email protected]> (14 May 2014) # Depends on libevdev which still needs keywording, bug #487944 >=x11-drivers/xf86-input-evdev-2.8.99
