Summary: | www-apps/phprojekt includes the vulnerable ZendFramework 1.x library | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Brian Evans (RETIRED) <grknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | treecleaner, vdupras, web-apps |
Priority: | Normal | Keywords: | PMASKED |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa+] | ||
Package list: |
www-apps/phprojekt-6.1.2
|
Runtime testing required: | --- |
Description
Brian Evans (RETIRED)
2018-03-19 20:38:27 UTC
@Maintainers ping. Zend Framework is already removed from tree. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8811e877bda00b74a3d541305d868df55d3dfb64 commit 8811e877bda00b74a3d541305d868df55d3dfb64 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2018-07-23 14:08:24 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2018-07-23 14:10:00 +0000 www-apps/phprojekt: Package Removal Bug: https://bugs.gentoo.org/650936 profiles/package.mask | 4 --- www-apps/phprojekt/Manifest | 1 - www-apps/phprojekt/files/postinstall-6-en.txt | 9 ------ www-apps/phprojekt/metadata.xml | 11 -------- www-apps/phprojekt/phprojekt-6.1.2.ebuild | 40 --------------------------- 5 files changed, 65 deletions(-) Oops, sorry, I closed a security bug before noticing that it was a security bug. But then again, now that the package is removed, there's nothing left to do, right? Package was stable on x86 so we have to write a removal GLSA, new request filed. This issue was resolved and addressed in GLSA 201811-05 at https://security.gentoo.org/glsa/201811-05 by GLSA coordinator Thomas Deutschmann (whissi). |