Details in tracker. This package bundles the vulnerable package, is the exporter actually vulnerable?
It looks like it is vulnerable, since they specifically cut a release to fix it: https://github.com/prometheus/pushgateway/releases/tag/v1.5.1
Great! Please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89921c6d9254242e3c74762c57dc3531b5fb102c commit 89921c6d9254242e3c74762c57dc3531b5fb102c Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-11-30 00:50:28 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-11-30 00:50:58 +0000 app-metrics/pushgateway: add 1.5.1 Bug: https://bugs.gentoo.org/883647 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-metrics/pushgateway/Manifest | 2 + app-metrics/pushgateway/pushgateway-1.5.1.ebuild | 48 ++++++++++++++++++++++++ 2 files changed, 50 insertions(+)
Thanks! Please cleanup when ready
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27c8f2d94aeb5048f8064bd60e896853c3dfd107 commit 27c8f2d94aeb5048f8064bd60e896853c3dfd107 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-11-30 05:39:55 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-11-30 05:40:22 +0000 app-metrics/pushgateway: drop 1.4.2, 1.4.3 Bug: https://bugs.gentoo.org/883647 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-metrics/pushgateway/Manifest | 4 -- app-metrics/pushgateway/pushgateway-1.4.2.ebuild | 48 ------------------------ app-metrics/pushgateway/pushgateway-1.4.3.ebuild | 48 ------------------------ 3 files changed, 100 deletions(-)
Thanks, all done!