936682 – <dev-python/sentry-sdk-{2.8.0,1.45.1}: Unintentional exposure of environment variables to subprocesses

Bug 936682 - <dev-python/sentry-sdk-{2.8.0,1.45.1}: Unintentional exposure of environment variables to subprocesses

Summary: <dev-python/sentry-sdk-{2.8.0,1.45.1}: Unintentional exposure of environment ...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://github.com/getsentry/sentry-p...
Whiteboard:	B4 [noglsa]
Keywords:	PMASKED

Depends on:	936688 936695
Blocks:
	Show dependency tree

Reported:	2024-07-27 05:50 UTC by Michał Górny
Modified:	2025-03-01 05:53 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michał Górny archtester

2024-07-27 05:50:10 UTC

The bug in Sentry's Python SDK <2.8.0 results in the unintentional exposure of environment variables to subprocesses despite the env={} setting.

Comment 1 Michał Górny archtester

2024-07-27 09:52:38 UTC

cleanup done.

Comment 2 John Helmert III archtester

2025-03-01 05:53:46 UTC

Tree is clean:

commit d6a2bd6b0bc2cb622a5587da6fdd01f7e429624b
Author: Michał Górny <mgorny@gentoo.org>
Date:   Fri Dec 6 05:35:15 2024 +0100

    dev-python/sentry-sdk: Remove last-rited pkg

    Bug: https://bugs.gentoo.org/937896
    Signed-off-by: Michał Górny <mgorny@gentoo.org>