CVE-2024-29864: Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b09f34921042e035679be3dfe9a66fc309188e7 commit 5b09f34921042e035679be3dfe9a66fc309188e7 Author: Maciej Barć <xgqt@gentoo.org> AuthorDate: 2024-03-29 02:39:53 +0000 Commit: Maciej Barć <xgqt@gentoo.org> CommitDate: 2024-03-29 03:04:55 +0000 app-containers/distrobox: drop old 1.6.0.1 Bug: https://bugs.gentoo.org/927742 Signed-off-by: Maciej Barć <xgqt@gentoo.org> app-containers/distrobox/Manifest | 1 - app-containers/distrobox/distrobox-1.6.0.1.ebuild | 32 ----------------------- 2 files changed, 33 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=1ed583d37d854ad883f541f0015fab8bdb689869 commit 1ed583d37d854ad883f541f0015fab8bdb689869 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-12-11 11:59:52 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-12-11 12:00:01 +0000 [ GLSA 202412-18 ] Distrobox: Arbitrary Code Execution Bug: https://bugs.gentoo.org/927742 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202412-18.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+)