Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8

2013-11-08 Thread hasufell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/08/2013 04:18 PM, Diego Elio Pettenò wrote: > > On Fri, Nov 8, 2013 at 5:22 AM, "Paweł Hajdan, Jr." > mailto:phajdan...@gentoo.org>> wrote: > > Problem #1 is that sci-geosciences/osgearth-2.4 depends on > =dev-lang/v8-3.18.5.14 (see >

Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8

2013-11-08 Thread Peter Stuge
Diego Elio Pettenò wrote: > > Problem #1 is that sci-geosciences/osgearth-2.4 depends on > > =dev-lang/v8-3.18.5.14 (see > > for context). It > > doesn't work with more recent v8, but it can be made to not depend on v8. > > If "made not to depend" m

Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8

2013-11-08 Thread Diego Elio Pettenò
On Fri, Nov 8, 2013 at 5:22 AM, "Paweł Hajdan, Jr." wrote: > Problem #1 is that sci-geosciences/osgearth-2.4 depends on > =dev-lang/v8-3.18.5.14 (see > for context). It > doesn't work with more recent v8, but it can be made to not depend on v8. > I

Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8

2013-11-08 Thread Rich Freeman
On Fri, Nov 8, 2013 at 9:42 AM, Ian Stakenvicius wrote: > I'm still a little concerned about the potential security issues > caused by embedded V8's in projects, but as we've already concluded in > that other thread, there's no other way until the API stabilizes.. Yup. When a project uses a libr

Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8

2013-11-08 Thread Ian Stakenvicius
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/11/13 12:22 AM, "Paweł Hajdan, Jr." wrote: > For some context of this please see > > > v8-3.20.17.7 fixes a memory corruption vulnerability, see >

[gentoo-dev] removing vulnerable versions of dev-lang/v8

2013-11-07 Thread Paweł Hajdan, Jr.
For some context of this please see v8-3.20.17.7 fixes a memory corruption vulnerability, see However, we still have v8-3.19 and even 3.18 in portage - this is pr