Summary: | <dev-python/pygments-2.0.2-r1: Shell injection in FontManager._get_nix_font_path (CVE-2015-8557) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jlec, python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1276321 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-10-30 08:50:36 UTC
commit 0bd80b2412af7bd1143f9bb9a3426ebdfab5c333 Author: Justin Lecher <jlec@gentoo.org> Date: Fri Oct 30 12:14:00 2015 +0100 dev-python/pygments: Backport fix for shell injection Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=564478 Package-Manager: portage-2.2.23 Signed-off-by: Justin Lecher <jlec@gentoo.org> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0bd80b2412af7bd1143f9bb9a3426ebdfab5c333 @arches please stabilize dev-python/pygments-2.0.2-r1 Stable for HPPA PPC64. commit 425575947d9a71a5aed0426a76ea8c1cc0f889da Author: Justin Lecher <jlec@gentoo.org> Date: Sat Oct 31 08:36:32 2015 +0100 dev-python/pygments: Stable for ALLARCHES Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=564478 Package-Manager: portage-2.2.23 Signed-off-by: Justin Lecher <jlec@gentoo.org> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=425575947d9a71a5aed0426a76ea8c1cc0f889da Cleaned. commit 8f3132b9389eef8f0674406cdd36baac8737581f Author: Justin Lecher <jlec@gentoo.org> Date: Sat Oct 31 08:39:17 2015 +0100 dev-python/pygments: Drop vulnerable versions Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=564478 Package-Manager: portage-2.2.23 Signed-off-by: Justin Lecher <jlec@gentoo.org> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f3132b9389eef8f0674406cdd36baac8737581f commit 1df3cf378b95f59d76c98bfca0f23648cbabce2b Author: Justin Lecher <jlec@gentoo.org> Date: Fri Dec 4 09:34:28 2015 +0100 dev-python/pygments: Fix byte decoding in py3 Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=564478 Package-Manager: portage-2.2.25 Signed-off-by: Justin Lecher <jlec@gentoo.org> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1df3cf378b95f59d76c98bfca0f23648cbabce2b jlec, please do not close security bugs. We have to follow the security process on them. New GLSA Request filed. (In reply to Yury German from comment #7) > jlec, please do not close security bugs. We have to follow the security > process on them. > I am really sorry for that. didn't meant to do that. This issue was resolved and addressed in GLSA 201612-05 at https://security.gentoo.org/glsa/201612-05 by GLSA coordinator Aaron Bauman (b-man). |