Details in tracker. This package bundles the vulnerable Go package, is the exporter actually vulnerable?
blackbox_exporter-0.21.1 includes exporter-toolkit-0.7.1 and consequently is vulnerable to this issue. Please update to a newer version. The first fixed version appears to be blackbox_exporter-0.23.0.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55b6972bdc5a750b114f66086ee5c79d37c32ec1 commit 55b6972bdc5a750b114f66086ee5c79d37c32ec1 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-10-28 21:29:05 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-10-28 21:39:58 +0000 app-metrics/blackbox_exporter: add 0.24.0 Bug: https://bugs.gentoo.org/883651 Signed-off-by: John Helmert III <ajak@gentoo.org> app-metrics/blackbox_exporter/Manifest | 2 + .../blackbox_exporter-0.24.0.ebuild | 55 ++++++++++++++++++++++ 2 files changed, 57 insertions(+)
Remember that we version the atom in the summary only when there's a fixed version in tree.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ccb8451cd1d0022e64eb4920f5078ffb9a6491b8 commit ccb8451cd1d0022e64eb4920f5078ffb9a6491b8 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2025-01-23 03:08:58 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2025-01-23 03:17:56 +0000 app-metrics/blackbox_exporter: drop 0.21.1 Bug: https://bugs.gentoo.org/883651 Closes: https://bugs.gentoo.org/948487 Signed-off-by: William Hubbs <williamh@gentoo.org> app-metrics/blackbox_exporter/Manifest | 2 - .../blackbox_exporter-0.21.1.ebuild | 56 ---------------------- 2 files changed, 58 deletions(-)
Somewhat niche functionality so noglsa.
