Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 908104 (CVE-2023-38198) - <app-crypt/acme-sh-3.0.6: Remote code execution
Summary: <app-crypt/acme-sh-3.0.6: Remote code execution
Status: RESOLVED FIXED
Alias: CVE-2023-38198
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial
Assignee: Gentoo Security
URL: https://github.com/acmesh-official/ac...
Whiteboard: ~2 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-06-09 10:12 UTC by Sam James
Modified: 2024-02-10 05:50 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Larry the Git Cow gentoo-dev 2023-06-09 11:49:40 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eaf65747638e7864fc50d9149cde5271893a7365

commit eaf65747638e7864fc50d9149cde5271893a7365
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-06-09 11:49:12 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-06-09 11:49:15 +0000

    profiles: mask app-crypt/acme-sh
    
    Bug: https://github.com/acmesh-official/acme.sh/issues/4659
    Bug: https://bugs.gentoo.org/908104
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 7 +++++++
 1 file changed, 7 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2023-06-09 17:11:35 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e2913b7ceeb28d9676faa6df997f45d9b5caf25

commit 0e2913b7ceeb28d9676faa6df997f45d9b5caf25
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2023-06-09 17:10:35 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2023-06-09 17:11:17 +0000

    app-crypt/acme-sh: drop 3.0.5
    
    Bug: https://bugs.gentoo.org/908104
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-crypt/acme-sh/Manifest             |  1 -
 app-crypt/acme-sh/acme-sh-3.0.5.ebuild | 54 ----------------------------------
 2 files changed, 55 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=60815531ad4ec7d958512bbe71b6d44b2ea60960

commit 60815531ad4ec7d958512bbe71b6d44b2ea60960
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2023-06-09 17:09:54 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2023-06-09 17:10:08 +0000

    app-crypt/acme-sh: add 3.0.6
    
    Bug: https://bugs.gentoo.org/908104
    Bug: https://github.com/acmesh-official/acme.sh/issues/4659
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-crypt/acme-sh/Manifest             |  1 +
 app-crypt/acme-sh/acme-sh-3.0.6.ebuild | 54 ++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2023-06-09 17:12:32 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61e56e8c4fa4bd8cad4f093a11d19b4a0d11fd7a

commit 61e56e8c4fa4bd8cad4f093a11d19b4a0d11fd7a
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2023-06-09 17:12:07 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2023-06-09 17:12:20 +0000

    app-crypt/acme-sh: drop mask
    
    Bug: https://bugs.gentoo.org/908104
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 profiles/package.mask | 7 -------
 1 file changed, 7 deletions(-)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-10 05:50:06 UTC 
I guess there was never any stable version. All done.