Summary: | <dev-python/bottle-{0.11.7,0.12.6}: JSON content-type not restrictive enough (CVE-2014-3137) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | idella4, python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/05/01/10 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-05-02 07:56:53 UTC
CVE-2014-3137 assigned.

I've added 0.11.7 and 0.12.6 to the tree, I'd like to have 0.11.7 stabilized. Thank you.

Arches, please stabilize:
=dev-python/bottle-0.11.7
Targets: alpha amd64 arm ia64 ppc ppc64 sparc x86

Builds fine on x86. please mark stable for x86.

amd64 stable

x86 stable

alpha stable

ia64 stable

ppc64 stable

ppc stable

sparc stable

arm stable, all arches done!

Cleanup, please!
GLSA vote: no.

Arches, Thank you for your work
Maintainer(s), please drop the vulnerable version.
GLSA Vote: No

Maintainer timeout, cleanup done, closing noglsa.