744157 – (CVE-2020-25787, CVE-2020-25788, CVE-2020-25789) <www-apps/tt-rss-20200922: Multiple vulnerabilities (CVE-2020-{25787,25788,25789})

Bug 744157 (CVE-2020-25787, CVE-2020-25788, CVE-2020-25789) - <www-apps/tt-rss-20200922: Multiple vulnerabilities (CVE-2020-{25787,25788,25789})

Summary: <www-apps/tt-rss-20200922: Multiple vulnerabilities (CVE-2020-{25787,25788,25...

Status:	RESOLVED FIXED

Alias:	CVE-2020-25787, CVE-2020-25788, CVE-2020-25789

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial
Assignee:	Gentoo Security

URL:	https://community.tt-rss.org/t/heads-...
Whiteboard:	~4 [gnoglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2020-09-22 20:31 UTC by Sam James
Modified:	2020-09-24 00:42 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2020-09-22 20:31:52 UTC

* CVE-2020-25787

Description:
"An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them."

* CVE-2020-25788

Description:
"An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message."

Comment 1 Sam James archtester

2020-09-22 20:32:29 UTC

Please bump when you can! Thanks :)

Comment 2 Sam James archtester

2020-09-22 20:33:14 UTC

* CVE-2020-25789

Description:
"An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document."

Comment 3 James Le Cuirot gentoo-dev

2020-09-22 21:40:04 UTC

Bump on the way.

Comment 4 Sam James archtester

2020-09-23 03:41:27 UTC

(In reply to James Le Cuirot from comment #3)
> Bump on the way.

Thanks!

Comment 5 Larry the Git Cow gentoo-dev

2020-09-23 21:42:19 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25bbfeb39f123d840b57975e6f71c76666c73a9e

commit 25bbfeb39f123d840b57975e6f71c76666c73a9e
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2020-09-23 21:41:53 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2020-09-23 21:41:53 +0000

    www-apps/tt-rss: Drop old vulnerable versions
    
    Bug: https://bugs.gentoo.org/744157
    Package-Manager: Portage-3.0.6, Repoman-3.0.1
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 www-apps/tt-rss/Manifest               |  2 -
 www-apps/tt-rss/tt-rss-20180105.ebuild | 84 ----------------------------------
 www-apps/tt-rss/tt-rss-20190523.ebuild | 84 ----------------------------------
 3 files changed, 170 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ef6ecc9f0d8c046fd0b66f6e371400f251ac17a

commit 5ef6ecc9f0d8c046fd0b66f6e371400f251ac17a
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2020-09-23 21:39:41 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2020-09-23 21:40:58 +0000

    www-apps/tt-rss: Bump snapshot to 20200922, GLEP 81
    
    Bug: https://bugs.gentoo.org/744157
    Package-Manager: Portage-3.0.6, Repoman-3.0.1
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 www-apps/tt-rss/Manifest               |  1 +
 www-apps/tt-rss/tt-rss-20200922.ebuild | 87 ++++++++++++++++++++++++++++++++++
 www-apps/tt-rss/tt-rss-99999999.ebuild | 48 ++++++++++---------
 3 files changed, 114 insertions(+), 22 deletions(-)

Comment 6 John Helmert III archtester

2020-09-24 00:42:49 UTC

Thanks Chewi. Tree clean, no stable -> noglsa, all done.