Summary: | <dev-python/openpyxl-2.4.2: XEE vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | python, vdupras |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2017/02/07/5 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | dev-python/openpyxl-2.4.11 | ||
Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-02-09 09:18:19 UTC
@ Maintainer(s): Please bump to >=dev-python/openpyxl-2.4.2 which contains the bugfix.

References For CVE-2017-5992
http://www.cvedetails.com/cve/CVE-2017-5992/

@maintainers, ping. Please bump to latest release.

Michael Boyle
Gentoo Security Padawan

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f29859e1e34dcbe6c2b9656955aa3d98fcf30e6

commit 3f29859e1e34dcbe6c2b9656955aa3d98fcf30e6
Author: Virgil Dupras <vdupras@gentoo.org>
AuthorDate: 2018-08-07 17:25:30 +0000
Commit: Virgil Dupras <vdupras@gentoo.org>
CommitDate: 2018-08-07 17:25:30 +0000

dev-python/openpyxl: bump to 2.4.11

To avoid revdeps breaks and because this will be the target of a fast track stabilization (security), I avoid doing a double-major-version bump and limit the bump to the 2.4.x line. The 2.5 bump will be done separately with a regular stabilization process.

Bug: https://bugs.gentoo.org/608714
Package-Manager: Portage-2.3.44, Repoman-2.3.10

dev-python/openpyxl/Manifest | 1 +
dev-python/openpyxl/openpyxl-2.4.11.ebuild | 33 ++++++++++++++++++++++++++++++
2 files changed, 34 insertions(+)

amd64, x86, please stabilize: dev-python/openpyxl-2.4.11

Thanks.

x86 stable

amd64 stable and GLSA vote: no

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=faa0d1e93590c9a89b98f7be63db9c9017c6b765

commit faa0d1e93590c9a89b98f7be63db9c9017c6b765
Author: Virgil Dupras <vdupras@gentoo.org>
AuthorDate: 2018-08-10 21:43:04 +0000
Commit: Virgil Dupras <vdupras@gentoo.org>
CommitDate: 2018-08-10 21:43:04 +0000

dev-python/openpyxl: remove old and vulnerable

Bug: https://bugs.gentoo.org/608714
Package-Manager: Portage-2.3.45, Repoman-2.3.10

dev-python/openpyxl/Manifest | 2 --
dev-python/openpyxl/openpyxl-2.3.0.ebuild | 35 -------------------------------
dev-python/openpyxl/openpyxl-2.3.3.ebuild | 35 -------------------------------
3 files changed, 72 deletions(-)

I had to revert. My cleanup broke the CI, sorry about the noise. Will make proper clean later.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9b80fad012e382626a8e5384952cd049845da53

commit a9b80fad012e382626a8e5384952cd049845da53
Author: Virgil Dupras <vdupras@gentoo.org>
AuthorDate: 2018-08-11 23:16:13 +0000
Commit: Virgil Dupras <vdupras@gentoo.org>
CommitDate: 2018-08-11 23:16:13 +0000

dev-python/openpyxl: re-enable py34 on v2.4.11

I failed to see, before phasing it out, how many revdeps had a py34 enabled. If I want to be able to clean out old and vulnerable versions in a reasonable timeframe, I have to re-enable py34.

Bug: https://bugs.gentoo.org/608714
Package-Manager: Portage-2.3.44, Repoman-2.3.10

dev-python/openpyxl/openpyxl-2.4.11.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c77c8cb20b9c5ac66e91a40d267d6babfb1cf73a

commit c77c8cb20b9c5ac66e91a40d267d6babfb1cf73a
Author: Virgil Dupras <vdupras@gentoo.org>
AuthorDate: 2018-08-11 23:20:13 +0000
Commit: Virgil Dupras <vdupras@gentoo.org>
CommitDate: 2018-08-11 23:20:13 +0000

dev-python/openpyxl: remove old and vulnerable

Bug: https://bugs.gentoo.org/608714
Package-Manager: Portage-2.3.44, Repoman-2.3.10

dev-python/openpyxl/Manifest | 2 --
dev-python/openpyxl/openpyxl-2.3.0.ebuild | 35 -------------------------------
dev-python/openpyxl/openpyxl-2.3.3.ebuild | 35 -------------------------------
3 files changed, 72 deletions(-)

Thanks guys.