Summary: | <dev-lang/scala-2.12.4: Privilege escalation vulnerability (CVE-2017-15288) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | java, pacho |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: |
dev-lang/scala-2.12.4
dev-lang/scala-2.11.11
dev-java/sbt-0.13.13
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 466558 |
Description
GLSAMaker/CVETool Bot
2017-11-17 14:58:02 UTC
@Maintainers please call for stabilization when ready. Thank you 2.12.4 will also drop the dep on obsolete ant-trax An automated check of this bug failed - repoman reported dependency errors (30 lines truncated):
> dependency.bad dev-lang/scala/scala-2.12.4.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=dev-java/sbt-0.13.13']
> dependency.bad dev-lang/scala/scala-2.12.4.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=dev-java/sbt-0.13.13']
> dependency.bad dev-lang/scala/scala-2.12.4.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop/gnome) ['>=dev-java/sbt-0.13.13']
An automated check of this bug failed - repoman reported dependency errors (63 lines truncated):
> dependency.bad dev-java/sbt/sbt-0.13.13.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=dev-lang/scala-2.11.8:2.11']
> dependency.bad dev-java/sbt/sbt-0.13.13.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=dev-lang/scala-2.11.8:2.11']
> dependency.bad dev-java/sbt/sbt-0.13.13.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=dev-lang/scala-2.11.8:2.11']
An automated check of this bug failed - repoman reported dependency errors (63 lines truncated):
> dependency.bad dev-java/sbt/sbt-0.13.13.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=dev-lang/scala-2.11.8:2.11']
> dependency.bad dev-java/sbt/sbt-0.13.13.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=dev-lang/scala-2.11.8:2.11']
> dependency.bad dev-java/sbt/sbt-0.13.13.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=dev-lang/scala-2.11.8:2.11']
x86 stable amd64 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f2be6ee0e607f7731e2cffdda8d39268ecd1c8f commit 5f2be6ee0e607f7731e2cffdda8d39268ecd1c8f Author: Pacho Ramos <pacho@gentoo.org> AuthorDate: 2018-11-01 10:49:14 +0000 Commit: Pacho Ramos <pacho@gentoo.org> CommitDate: 2018-11-01 10:49:14 +0000 dev-lang/scala: Drop vulnerable versions Bug: https://bugs.gentoo.org/637940 Signed-off-by: Pacho Ramos <pacho@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 dev-lang/scala/Manifest | 176 ---------------- dev-lang/scala/files/scala-2.11.1-no-git.patch | 24 --- dev-lang/scala/files/scala-2.11.2-no-git.patch | 24 --- dev-lang/scala/files/scala-2.11.4-no-git.patch | 24 --- dev-lang/scala/files/scala-2.11.6-no-git.patch | 24 --- dev-lang/scala/files/scala-2.11.7-no-git.patch | 24 --- dev-lang/scala/files/scala-2.11.8-no-git.patch | 24 --- dev-lang/scala/files/scala-2.12.1-no-git.patch | 37 ---- .../scala/files/scala-2.12.1-runner-script.patch | 22 -- dev-lang/scala/files/scala-2.12.2-no-git.patch | 23 --- dev-lang/scala/scala-2.11.1-r2.ebuild | 216 -------------------- dev-lang/scala/scala-2.11.11.ebuild | 224 --------------------- dev-lang/scala/scala-2.11.2-r2.ebuild | 218 -------------------- dev-lang/scala/scala-2.11.4-r1.ebuild | 218 -------------------- dev-lang/scala/scala-2.11.4-r2.ebuild | 218 -------------------- dev-lang/scala/scala-2.11.6-r1.ebuild | 218 -------------------- dev-lang/scala/scala-2.11.7-r1.ebuild | 222 -------------------- dev-lang/scala/scala-2.11.8.ebuild | 222 -------------------- dev-lang/scala/scala-2.12.1.ebuild | 213 -------------------- dev-lang/scala/scala-2.12.2.ebuild | 214 -------------------- 20 files changed, 2585 deletions(-) This issue was resolved and addressed in GLSA 201812-08 at https://security.gentoo.org/glsa/201812-08 by GLSA coordinator Aaron Bauman (b-man). |