Summary: | <dev-lang/erlang-17.3: command injection flaw in FTP module (CVE-2014-1693) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | minor | CC: | aidecoe, djc
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1059331 | |
Whiteboard: | B3 [noglsa] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 576398 | |
Bug Blocks: | | |
Description
Agostino Sarubbo
2014-01-31 09:10:01 UTC
We can stabilize erlang-17.3 for this, which has the fix.

amd64 stable

x86 stable

ppc stable

ppc64 stable

sparc stable

Stable on alpha.

Security team, ping? I think this can be closed, we've long since stabilized 17.5.

Looking at the CVE and mailing lists I cannot confirm the versioning. Hopefully you can provide expertise on the R15B03 reference to which this was tested? Basically, is 15.2.3.1 vulnerable?

I'm all for removing it. Amadeusz, how are we doing on ejabberd stuff?

That is, I agree that 15.2.3.1 is probably vulnerable, although I can't find any definitive information on it, either.

(In reply to Dirkjan Ochtman from comment #10)
> I'm all for removing it. Amadeusz, how are we doing on ejabberd stuff?

I'm about to request stabilization for amd64, arm, ppc, x86, but I've just got keywords for ~ia64 and soon I may have it for ~sparc which means we will have to wait a bit for stabilization, unless... there's a way around this.

Removed the final vulnerable version from the tree.

@ Security: Please vote.

GLSA Vote: No