Summary: | <app-admin/mcollective-2.11.0: RCE via YAML deserialization | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | prometheanfire |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1470086 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: |
=app-admin/mcollective-2.11.0 amd64 x86
|
Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-07-12 15:19:12 UTC
ya, 2.11.0 can be stablized, it's just amd64/x86 so shouldn't be too bad Stable on alpha. (In reply to Tobias Klausmann from comment #2) > Stable on alpha. Bullshit. Amd64 stable. ping: Keywords for app-admin/mcollective: | | u | | a a p s a n r | n | | l m h i p p r m m i i s | e u s | r | p d a p a p c a x m i 6 o s 3 | a s l | e | h 6 r p 6 p 6 r 8 6 p 8 s c 9 s | p e o | p | a 4 m a 4 c 4 c 6 4 s k 2 v 0 h | i d t | o -------+---------------------------------+-------+------- 2.10.5 | o + o o o o o o + o o o o o o o | 5 # 0 | gentoo 2.11.1 | o + o o o o o o + o o o o o o o | 5 o | gentoo @x86: Could you please confirm that package is stable for x86 and if we need to cleanup or there are no fulnerable ebuilds. Thanks, Gentoo Security Padawan ChrisADR Already stable. glsa request is filed This issue was resolved and addressed in GLSA 201709-01 at https://security.gentoo.org/glsa/201709-01 by GLSA coordinator Aaron Bauman (b-man). |