Summary: | <www-apache/passenger-5.1.11: Arbitrary file read vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hans de Graaff <graaff> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graaff |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/ | ||
Whiteboard: | B3 [noglsa] | ||
Package list: |
www-apache/passenger-5.1.11
|
Runtime testing required: | --- |
Bug Depends on: | 626988 | ||
Bug Blocks: |
Description
Hans de Graaff
2017-10-16 15:29:26 UTC
www-apache/passenger-5.1.11 is now in the tree. I realize that bug 626988 has not yet been addressed, but given the seriousness of this security issue I'm calling for stabling of passenger 5.1.11 anyway. Note that bug 626988 isn't a regression for the current stable version, which only works with apache. Bug 626988 is blocking stabilization for x86. commit 564cc1c8d4992c74f865dd41e139c2d53bd39e6f Author: Hans de Graaff <graaff@gentoo.org> Date: Mon Oct 16 17:38:34 2017 +0200 www-apache/passenger: amd64 stable for bug 634452 x86 stable, last arch @ Maintainer(s): Please cleanup & drop <www-apache/passenger-5.1.11! Please clean. CC'ing maintainer for cleanup. cleanup done (In reply to Hans de Graaff from comment #8) > cleanup done Thanks, Hans! |