Summary: | <www-apps/websvn-2.3.3-r1: Symlink attack (CVE-2013-6892) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | grknight, web-apps |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: | =www-apps/websvn-2.3.3-r1 | ||
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 575486, 582234 |
Description
GLSAMaker/CVETool Bot
2015-06-20 21:14:00 UTC
Debian has a patch at https://sources.debian.net/patches/patch/websvn/2.3.3-1.2/13_security_CVE-2013-6892.patch/

I would be willing to apply this along with bug 552838 if no one has objections.

Then again, this package will self-destruct with >=dev-lang/php-7.0 without major surgery. Perhaps we should kill it?

Upstream is dead; Patches come from Debian

commit: 196fa9022f136bcbd82ab6f52a8d4c617b0603d6
Author: Brian Evans <grknight <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 11 18:21:29 2016 +0000
Commit: Brian Evans <grknight <AT> gentoo <DOT> org>
CommitDate: Thu Aug 11 18:26:27 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=196fa902

www-apps/websvn: Non-maintainer security revision bump and EAPI cleanup

Remove the deprecated depend.php wrt bug 552838
Include Debian security patches wrt bug 552684, bug 575486, and bug 582234

Package-Manager: portage-2.3.0

.../websvn/files/13_security_CVE-2013-6892.patch | 39 ++++++++++++++
www-apps/websvn/files/30_CVE-2016-2511.patch | 11 ++++
www-apps/websvn/files/31_CVE-2016-1236.patch | 61 ++++++++++++++++++++++
www-apps/websvn/websvn-2.3.3-r1.ebuild | 54 +++++++++++++++++++
4 files changed, 165 insertions(+)

@arches, please stabilize: =www-apps/websvn-2.3.3-r1

amd64 stable

x86 stable

Stable for PPC64.

@ppc, please finalize stabilization.

ppc stable. Maintainer(s), please cleanup. Security, please vote.

GLSA Vote: No