699866 – dev-util/electron: multiple vulnerabilities

Bug 699866 - dev-util/electron: multiple vulnerabilities

Summary: dev-util/electron: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Deadline:	2020-04-29
Assignee:	Gentoo Security

URL:
Whiteboard:	~2 [ebuild]
Keywords:	PMASKED

Depends on:
Blocks:	CVE-2019-13720
	Show dependency tree

Reported:	2019-11-11 18:21 UTC by GLSAMaker/CVETool Bot
Modified:	2020-04-29 12:44 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2019-11-11 18:21:40 UTC

CVE-2019-13720 (https://nvd.nist.gov/vuln/detail/CVE-2019-13720):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2019-11-11 18:23:26 UTC

Vulnerable for most CVEs affecting past chromium versions.

Comment 2 Michał Górny archtester

2019-12-01 20:30:00 UTC

app-editors/atom needs it.

Also, it feels silly to consider this resolved by removing the standalone package when there are dozens packages bundling potentially old versions...

Comment 3 Larry the Git Cow gentoo-dev

2020-03-30 06:56:27 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b1862fe8a757ef8dcd3427dee4039ff82c2652c

commit 4b1862fe8a757ef8dcd3427dee4039ff82c2652c
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-03-30 06:55:19 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-03-30 06:55:19 +0000

    package.mask: Last rite dev-util/electron, app-editors/atom
    
    Bug: https://bugs.gentoo.org/699866
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 profiles/package.mask | 7 +++++++
 1 file changed, 7 insertions(+)

Comment 4 Larry the Git Cow gentoo-dev

2020-04-29 12:44:52 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10f79d2d9b224342346080628e9ca4b5b4acd38b

commit 10f79d2d9b224342346080628e9ca4b5b4acd38b
Author:     Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2020-04-29 12:35:59 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2020-04-29 12:44:00 +0000

    dev-util/electron: remove last-rited pkg
    
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=622020
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=652244
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=678066
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=690006
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=692146
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=701958
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=675578
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=681734
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=694072
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=706376
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=714850
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=713024
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=699866
    
    Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>

 dev-util/electron/Manifest                  |  13 -
 dev-util/electron/electron-2.0.17-r2.ebuild | 918 ----------------------------
 dev-util/electron/files/toolchain/BUILD.gn  |  37 --
 dev-util/electron/metadata.xml              |  21 -
 4 files changed, 989 deletions(-)