Summary: | <net-dns/opendnssec-1.4.7: insecure usage of curl (CVE-2012-5582) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | mschiff |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2012/11/26/6 | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-11-29 11:33:56 UTC
Per the release notes[0] eppclient has been removed since 1.4.0rc1. @maintainer, please cleanup vulnerable ebuilds (<1.4.7). [0]: https://github.com/opendnssec/opendnssec/blob/7e0ca962fb219f13842174b2984fbcb3ffb7b171/NEWS#L229 I cleaned it up and pushed a patched version (1.3.18-r1). Would be good if you reviewed the patch: files/opendnssec-1.3.18-eppclient-curl-CVE-2012-5582.patch TIA ;) (In reply to Marc Schiffbauer from comment #2) > I cleaned it up and pushed a patched version (1.3.18-r1). > > Would be good if you reviewed the patch: > files/opendnssec-1.3.18-eppclient-curl-CVE-2012-5582.patch > > TIA ;) Marc, looks good to me :) Thanks for the fix and bump. |