See https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c9eaa3ece6010067f206c88a87889650c9ddc08 commit 1c9eaa3ece6010067f206c88a87889650c9ddc08 Author: Marek Szuba <marecki@gentoo.org> AuthorDate: 2023-09-04 08:20:44 +0000 Commit: Marek Szuba <marecki@gentoo.org> CommitDate: 2023-09-04 08:21:50 +0000 app-backup/borgbackup: drop 1.2.4-r3 No versions vulnerable to CVE-2023-36811 left in the tree. Bug: https://bugs.gentoo.org/913407 Signed-off-by: Marek Szuba <marecki@gentoo.org> app-backup/borgbackup/Manifest | 1 - app-backup/borgbackup/borgbackup-1.2.4-r3.ebuild | 55 ------------------------ 2 files changed, 56 deletions(-)