Summary: | <kde-apps/ark-{16.08.3-r1,16.12.0-r1}: shell script execution (CVE-2017-5330) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Palimaka (kensington) <kensington> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | asturm, johu, kde, kensington |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.kde.org/show_bug.cgi?id=374572 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | =kde-apps/ark-16.08.3-r1 | ||
Runtime testing required: | --- |
Description
Michael Palimaka (kensington)
2017-01-06 15:45:31 UTC
@ Maintainer(s): Patched version not yet released; Patches for both versions in Gentoo repository available, see $URL.

Bumped 16.12.0-r1 and 16.08.3-r1 with the fix and verified with the upstream tar.gz example, dropped affected 16.12.0. 16.08.3-r1 should then be stabilised.

@ Maintainer(s): Thank you for the rev bump!

@ Arches, please test and mark stable: =kde-apps/ark-16.08.3-r1

amd64 stable

CVE assignment: http://seclists.org/oss-sec/2017/q1/46

(In reply to Thomas Deutschmann from comment #5)
> CVE assignment: http://seclists.org/oss-sec/2017/q1/46

So upstream is not trying to embargo. Good enough for me.

x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Cleanup done.

New GLSA request filed.

This issue was resolved and addressed in GLSA 201701-69 at https://security.gentoo.org/glsa/201701-69 by GLSA coordinator Thomas Deutschmann (whissi).