Summary: | <www-apps/websvn-2.3.3-r1: reflected cross-site scripting | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | grknight, web-apps |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1310758 | | |
Whiteboard: | B4 [blocked] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 552684 | | |
Bug Blocks: | | | |

Description
Agostino Sarubbo
2016-02-23 15:10:46 UTC
Kill this package. Second security bug since upstream cared. It also relies on PHP which may not even work today and won't in the near future with PHP 7.

@web-apps, any reservations with tree cleaning this package?

(In reply to Aaron Bauman from comment #2)
> @web-apps, any reservations with tree cleaning this package?

I'm not taking care of it so I don't know its state. x-site scripting can easily be fixed, but if it's moribund because of php, then there's no saving it without serious effort. Let's see if any other dev wants it else last rite it.

Upstream is dead; Patches come from Debian

```
commit:     196fa9022f136bcbd82ab6f52a8d4c617b0603d6
Author:     Brian Evans <grknight <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 11 18:21:29 2016 +0000
Commit:     Brian Evans <grknight <AT> gentoo <DOT> org>
CommitDate: Thu Aug 11 18:26:27 2016 +0000

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=196fa902

www-apps/websvn: Non-maintainer security revision bump and EAPI cleanup

Remove the deprecated depend.php wrt bug 552838
Include Debian security patches wrt bug 552684, bug 575486, and bug 582234

Package-Manager: portage-2.3.0

 .../websvn/files/13_security_CVE-2013-6892.patch | 39 ++++++++++++++
 www-apps/websvn/files/30_CVE-2016-2511.patch     | 11 ++++
 www-apps/websvn/files/31_CVE-2016-1236.patch     | 61 ++++++++++++++++++++++
 www-apps/websvn/websvn-2.3.3-r1.ebuild           | 54 +++++++++++++++++++
 4 files changed, 165 insertions(+)
```

GLSA Vote: No

tree is clean: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=804196e1f28457f9538c4b234b43e21befb83dcf