Summary: | <dev-python/soappy-0.12.20: XXE and billion laughs vulnerabilities (CVE-2014-{3242,3243}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | python |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =dev-python/soappy-0.12.22 =dev-python/defusedxml-0.4.1-r1 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2015-01-03 23:58:26 UTC
Solution: Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

please ping us when this changes

From https://bugzilla.redhat.com/show_bug.cgi?id=1094619#c8:

> This was fixed upstream in 0.12.6, via the following commit:
>
> https://github.com/kiorky/SOAPpy/commit/a386568
>
> Note that the fix was changed by the subsequent commit to fix the billion
> laughs issue:
>
> https://github.com/kiorky/SOAPpy/commit/64125a2

$ git tag --contains 64125a2 | sort
0.12.20

@ Arches, please test and mark stable:
=dev-python/soappy-0.12.22

amd64 stable

x86 stable

Stable on alpha.

arm stable

An automated check of this bug failed - repoman reported dependency errors (67 lines truncated):
> dependency.bad dev-python/soappy/soappy-0.12.22.ebuild: DEPEND: ia64(default/linux/ia64/13.0) ['dev-python/defusedxml[python_targets_python2_7(-)?,-python_single_target_python2_7(-)]']
> dependency.bad dev-python/soappy/soappy-0.12.22.ebuild: RDEPEND: ia64(default/linux/ia64/13.0) ['dev-python/defusedxml[python_targets_python2_7(-)?,-python_single_target_python2_7(-)]']
> dependency.bad dev-python/soappy/soappy-0.12.22.ebuild: DEPEND: ia64(default/linux/ia64/13.0/desktop) ['dev-python/defusedxml[python_targets_python2_7(-)?,-python_single_target_python2_7(-)]']

sparc stable

Stable for HPPA.

ppc stable

ia64 stable

ppc64 stable.

Maintainer(s), please cleanup. Security, please vote.

commit 60ffdd915ad1f1a68d5b3622d62ddb8b60627083
Author: David Seifert <soap@gentoo.org>
Date: Wed Jan 18 11:15:07 2017 +0100

    dev-python/soappy: Remove old vulnerable versions

    Gentoo-bug: 534546

GLSA Vote: No