Summary: | <app-crypt/gnupg-2.2.8: lack of file name sanitation allowing impact on status messages | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ap, crypto+disabled, k_f, nobrowser |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://dev/gnupg.org/T4012 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=657986 | ||
Whiteboard: | A4 [noglsa cve] | ||
Package list: | dev-libs/libgpg-error-1.29, app-crypt/gnupg-2.2.8 |
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 657058, 659234 |
Description
Kristian Fiskerstrand (RETIRED)
2018-06-08 14:38:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe590de14fb83ce48e1f71e505fc65fd919e4f59

commit fe590de14fb83ce48e1f71e505fc65fd919e4f59
Author: Kristian Fiskerstrand <k_f@gentoo.org>
AuthorDate: 2018-06-08 14:53:01 +0000
Commit: Kristian Fiskerstrand <k_f@gentoo.org>
CommitDate: 2018-06-08 15:00:23 +0000

app-crypt/gnupg: New upstream version 2.2.8 (security fix)

Bug: https://bugs.gentoo.org/657596
Package-Manager: Portage-2.3.24, Repoman-2.3.6

app-crypt/gnupg/Manifest | 1 +
app-crypt/gnupg/gnupg-2.2.8.ebuild | 130 +++++++++++++++++++++++++++++++++++++
2 files changed, 131 insertions(+)

2.2.8 is rejected for stabilization, there will be a 2.2.9, presumably later today.

(In reply to Kristian Fiskerstrand from comment #2)
> 2.2.8 is rejected for stabilization, there will be a 2.2.9, presumably later
> today.

For reference; https://lists.gnupg.org/pipermail/gnupg-devel/2018-June/033773.html

(In reply to Kristian Fiskerstrand from comment #3)
> (In reply to Kristian Fiskerstrand from comment #2)
> > 2.2.8 is rejected for stabilization, there will be a 2.2.9, presumably later
> > today.
>
> For reference;
> https://lists.gnupg.org/pipermail/gnupg-devel/2018-June/033773.html

After speaking with upstream going for stabilization of 2.2.8, the main issue was the requirement for newer libgpg-error and the deps are already correct for the newer versions for us.

amd64 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a54ed4dfc211139be027e1691bac4222150051e0

commit a54ed4dfc211139be027e1691bac4222150051e0
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-15 09:34:51 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-15 09:34:51 +0000

app-crypt/gnupg: stable 2.2.8 for ia64, bug #657596

Bug: https://bugs.gentoo.org/657596
Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="ia64"

app-crypt/gnupg/gnupg-2.2.8.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ad4baec0c1a7945677a60e4858cfd26e6f6e820

commit 4ad4baec0c1a7945677a60e4858cfd26e6f6e820
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-15 09:34:36 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-15 09:34:36 +0000

dev-libs/libgpg-error: stable 1.29 for ia64, bug #657596

Bug: https://bugs.gentoo.org/657596
Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="ia64"

dev-libs/libgpg-error/libgpg-error-1.29.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

x86 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4dfef1590ec8ccd55bce908368f62f3248465eb

commit d4dfef1590ec8ccd55bce908368f62f3248465eb
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-18 16:26:53 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-18 18:30:55 +0000

dev-libs/libgpg-error: stable 1.29 for sparc

Bug: https://bugs.gentoo.org/657596
Package-Manager: Portage-2.3.24, Repoman-2.3.6
RepoMan-Options: --include-arches="sparc"

dev-libs/libgpg-error/libgpg-error-1.29.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de999fba9469259f5b111b4e8df41011bfec4932

commit de999fba9469259f5b111b4e8df41011bfec4932
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-18 16:26:22 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-18 18:30:52 +0000

app-crypt/gnupg: stable 2.2.8 for sparc

Bug: https://bugs.gentoo.org/657596
Package-Manager: Portage-2.3.24, Repoman-2.3.6
RepoMan-Options: --include-arches="sparc"

app-crypt/gnupg/gnupg-2.2.8.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

arm64 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03f7429b0c895cb2c1ad12568a6fedb4187801a3

commit 03f7429b0c895cb2c1ad12568a6fedb4187801a3
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 18:13:52 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 19:36:07 +0000

app-crypt/gnupg: stable 2.2.8 for ppc, bug #657596

Bug: https://bugs.gentoo.org/657596
Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="ppc"

app-crypt/gnupg/gnupg-2.2.8.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=607d0890b68339657a625e5d8d24de251241cf76

commit 607d0890b68339657a625e5d8d24de251241cf76
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 17:44:27 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 19:35:37 +0000

dev-libs/libgpg-error: stable 1.29 for ppc, bug #657596

Bug: https://bugs.gentoo.org/657596
Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="ppc"

dev-libs/libgpg-error/libgpg-error-1.29.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1281b81051d6110b128a0dbe93be3392d75a2ce2

commit 1281b81051d6110b128a0dbe93be3392d75a2ce2
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 20:08:44 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 20:21:08 +0000

app-crypt/gnupg: stable 2.2.8 for ppc64, bug #657596

Bug: https://bugs.gentoo.org/657596
Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="ppc64"

app-crypt/gnupg/gnupg-2.2.8.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01403628ca20177cbaf3d7935a02500d0d2bf7c3

commit 01403628ca20177cbaf3d7935a02500d0d2bf7c3
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 19:55:06 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 20:20:41 +0000

dev-libs/libgpg-error: stable 1.29 for ppc64, bug #657596

Bug: https://bugs.gentoo.org/657596
Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="ppc64"

dev-libs/libgpg-error/libgpg-error-1.29.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Stable on alpha.

arm stable, all arches done.

@maintainer(s), please clean.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abc2f318ed4a24ca6154f0ecc3cc9a23c4646f4b

commit abc2f318ed4a24ca6154f0ecc3cc9a23c4646f4b
Author: Kristian Fiskerstrand <k_f@gentoo.org>
AuthorDate: 2018-07-08 11:21:46 +0000
Commit: Kristian Fiskerstrand <k_f@gentoo.org>
CommitDate: 2018-07-08 11:21:46 +0000

app-crypt/gnupg: Cleanup old

Bug: https://bugs.gentoo.org/657596
Package-Manager: Portage-2.3.40, Repoman-2.3.9

app-crypt/gnupg/Manifest | 5 --
app-crypt/gnupg/gnupg-2.1.15.ebuild | 157 ---------------------------------
app-crypt/gnupg/gnupg-2.1.20-r1.ebuild | 122 -------------------------
app-crypt/gnupg/gnupg-2.2.4-r2.ebuild | 130 ---------------------------
app-crypt/gnupg/gnupg-2.2.4.ebuild | 129 ---------------------------
app-crypt/gnupg/gnupg-2.2.6.ebuild | 130 ---------------------------
app-crypt/gnupg/gnupg-2.2.7.ebuild | 130 ---------------------------
7 files changed, 803 deletions(-)