btrbk 0.31.2 fixed the following vulnerability, introduced in 0.23.0:

ssh_filter_btrbk.sh: Fix security vulnerability. Specially crafted commands may be executed without being properly checked. Applies to remote hosts filtering ssh commands using ssh_filter_btrbk.sh in authorized_keys. Default configurations are not affected by this.

Upstream commit: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584
Sanity check failed:
> app-backup/btrbk-0.31.2
> rdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
> >=sys-block/mbuffer-20180505
All sanity-check issues have been resolved
Nice spot, Jannik! Ready to stable, candrews?
Nice catch! Let's do it.
(In reply to Craig Andrews from comment #4)
> Nice catch!
>
> Let's do it.

Cheers!
amd64 stable
arm done
arm64 done
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Unable to check for sanity:
> no match for package: sys-block/mbuffer-20200929
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3beef0aac4992903418b978f7c643330ac91a6c

commit e3beef0aac4992903418b978f7c643330ac91a6c
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-10-17 16:20:02 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2021-10-17 20:36:28 +0000

    app-backup/btrbk: drop 0.29.1

    Bug: https://bugs.gentoo.org/806962
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-backup/btrbk/Manifest            |  1 -
 app-backup/btrbk/btrbk-0.29.1.ebuild | 76 ------------------------------------
 2 files changed, 77 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0ee61b1ed441ab2406d6bf942ad340257740ad9a

commit 0ee61b1ed441ab2406d6bf942ad340257740ad9a
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-26 12:53:03 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-26 12:53:25 +0000

    [ GLSA 202402-32 ] btrbk: Remote Code Execution

    Bug: https://bugs.gentoo.org/806962
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-32.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)