Comment 1 Zac Medico 2022-11-29 19:21:01 UTC

It looks like it is vulnerable, since they specifically cut a release to fix it:

https://github.com/prometheus/pushgateway/releases/tag/v1.5.1

Comment 2 John Helmert III 2022-11-29 19:22:43 UTC

Great! Please bump.

Comment 3 Larry the Git Cow 2022-11-30 00:51:02 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89921c6d9254242e3c74762c57dc3531b5fb102c

commit 89921c6d9254242e3c74762c57dc3531b5fb102c
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-11-30 00:50:28 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-11-30 00:50:58 +0000

    app-metrics/pushgateway: add 1.5.1
    
    Bug: https://bugs.gentoo.org/883647
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-metrics/pushgateway/Manifest                 |  2 +
 app-metrics/pushgateway/pushgateway-1.5.1.ebuild | 48 ++++++++++++++++++++++++
 2 files changed, 50 insertions(+)

Comment 4 John Helmert III 2022-11-30 01:09:59 UTC

Thanks! Please cleanup when ready

Comment 5 Larry the Git Cow 2022-11-30 05:40:27 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27c8f2d94aeb5048f8064bd60e896853c3dfd107

commit 27c8f2d94aeb5048f8064bd60e896853c3dfd107
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-11-30 05:39:55 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-11-30 05:40:22 +0000

    app-metrics/pushgateway: drop 1.4.2, 1.4.3
    
    Bug: https://bugs.gentoo.org/883647
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-metrics/pushgateway/Manifest                 |  4 --
 app-metrics/pushgateway/pushgateway-1.4.2.ebuild | 48 ------------------------
 app-metrics/pushgateway/pushgateway-1.4.3.ebuild | 48 ------------------------
 3 files changed, 100 deletions(-)

Comment 6 John Helmert III 2022-11-30 16:58:04 UTC

Thanks, all done!