| Summary: | <dev-python/pysvn-1.8.0: Insecure use of os.system() in Workbench (CVE-2015-0853) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | python, whissi |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1262928 | | |
| Whiteboard: | B2 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 568392 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo

@arches, please stabilize dev-python/pycxx-6.2.6 dev-python/pysvn-1.8.0

amd64 : ok (builds)

Both Build OK on amd64
Basic functionality tested for pysvn

amd64 stable

x86 stable

ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

commit 258b64db9acfdbc04832a6b3a316daa5824394b9
Author: Justin Lecher <jlec@gentoo.org>
Date: Sat Dec 26 18:58:42 2015 +0100

dev-python/pysvn: Drop vulnerable version for CVE-2015-0853

Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=560530
obsoletes: Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=420191

Package-Manager: portage-2.2.26
Signed-off-by: Justin Lecher <jlec@gentoo.org>

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=258b64db9acfdbc04832a6b3a316daa5824394b9

@ Security: I think this bug should be closed as INVALID or at least OBSOLETE:

The vulnerable file was "Source/wb_shell_unix_commands.py", which is not included in the Python extension for svn, aka "pysvn". Please see http://pysvn.tigris.org/project_source_code.html -- there are 3 different projects. Pysvn wasn't affected and didn't receive a fix.

See http://pysvn.tigris.org/source/browse/pysvn/trunk/pysvn/WorkBench/Source/wb_shell_unix_commands.py?view=log for a list of change sets regarding the vulnerability in Workbench.