Hello: According to upstream GitHub release page (https://github.com/LizardByte/Sunshine/releases), the new version of sunshine contains "critical security fixes.", and urge users to "Please update as soon as possible". However, net-misc/sunshine::gentoo is still in 0.22.2, someone should update package or at least mask this vulnerable version. Also, since they didn't talk about the vulnerability in detail, I can't attach a CVE to this. Thanks for your hard work :)
Dropping version from summary as there's no fixed version in tree yet.
Details on the vulnerability can be found here: https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55m
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d672a87e1fa3ee4704555eb5fe254d534bdc2d3f commit d672a87e1fa3ee4704555eb5fe254d534bdc2d3f Author: James Le Cuirot <chewi@gentoo.org> AuthorDate: 2024-04-21 21:59:57 +0000 Commit: James Le Cuirot <chewi@gentoo.org> CommitDate: 2024-04-21 21:59:57 +0000 net-misc/sunshine: Bump to 0.23.1, drop vulnerable 0.22.2 I'll deal with the new tests later. Bug: https://bugs.gentoo.org/930038 Signed-off-by: James Le Cuirot <chewi@gentoo.org> net-misc/sunshine/Manifest | 6 +++--- .../sunshine/{sunshine-0.22.2.ebuild => sunshine-0.23.1.ebuild} | 3 ++- net-misc/sunshine/sunshine-9999.ebuild | 3 ++- 3 files changed, 7 insertions(+), 5 deletions(-)
