Bug 580586 - <dev-ml/opam-1.2.2-r1: missing certificate validation
Summary: <dev-ml/opam-1.2.2-r1: missing certificate validation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: ~3 [noglsa]
Reported: 2016-04-20 07:33 UTC by Agostino Sarubbo
Modified: 2016-11-30 08:59 UTC

Attachments
The build.log (build-opam.log,77.43 KB, text/x-log)
2016-04-30 22:44 UTC, jorgicio

Description Agostino Sarubbo gentoo-dev 2016-04-20 07:33:02 UTC
From ${URL} :

please assign a CVE ID for this missing certificate validation issue in
ocaml:

- upstream commit:
<https://github.com/ocaml/opam/commit/3d43295df3bb9e67e60801d319bf82c2c8a84d24>
- Debian bug: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818081>



@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Alexis Ballier gentoo-dev 2016-04-30 16:03:07 UTC
Author: Alexis Ballier <aballier@gentoo.org>
Date:   Sat Apr 30 18:02:11 2016 +0200

    dev-ml/opam: apply debian patch, backported from upstream, to check certificates when downloading. Bug #580586
Comment 2 jorgicio 2016-04-30 22:44:42 UTC
Created attachment 432734
The build.log

Now opam fails at build after the patches are applied.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-29 19:58:41 UTC
@ jorgicio: Please file a new bug against dev-ml/opam for your build problem.


@ Security: Please vote!