Summary: | <dev-vcs/git-annex-8.20200617: private data exposure (CVE-2018-{10857,10859}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Florian Schuhmacher <mynt1aa> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | haskell, jkt, solpeth |
Priority: | Low | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/ | ||
See Also: |
https://github.com/gentoo/gentoo/pull/16890 https://github.com/gentoo/gentoo/pull/16987 |
||
Whiteboard: | ~4 [cleanup cve] | ||
Package list: | Runtime testing required: | --- |
Description
Florian Schuhmacher
2018-06-26 19:26:15 UTC
CVE-2018-10857: Patch: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=4315bb9e421f2c643e517d8982c6c35b1909c78b CVE-2018-10859: Patch: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=67c06f51219475a185f3444635eaf07b2abed731 Patch: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=b657242f5d946efae4cc77e8aef95dd2a306cd6b @maintainer(s): ping The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=928f50920afc24e8b5783ac59a41cb6b6a4358aa commit 928f50920afc24e8b5783ac59a41cb6b6a4358aa Author: Jack Todaro <solpeth@posteo.org> AuthorDate: 2020-07-30 00:46:15 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2020-08-01 08:02:12 +0000 dev-vcs/git-annex: bump up to 8.20200617 Bug: https://bugs.gentoo.org/659288 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Jack Todaro <solpeth@posteo.org> Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> dev-vcs/git-annex/Manifest | 1 + dev-vcs/git-annex/git-annex-8.20200617.ebuild | 160 ++++++++++++++++++++++++++ dev-vcs/git-annex/metadata.xml | 3 + 3 files changed, 164 insertions(+) Thanks! Please cleanup when ready. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7af25e0ef157fc58c8d99541013f8bae68adddd commit a7af25e0ef157fc58c8d99541013f8bae68adddd Author: Jack Todaro <solpeth@posteo.org> AuthorDate: 2020-08-03 20:28:49 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2020-08-03 22:58:17 +0000 dev-vcs/git-annex: remove old Bug: https://bugs.gentoo.org/659288 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Jack Todaro <solpeth@posteo.org> Closes: https://github.com/gentoo/gentoo/pull/16987 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> dev-vcs/git-annex/Manifest | 1 - .../files/git-annex-6.20160114-QC-2.8.2.patch | 16 -- .../files/git-annex-6.20161210-directory-1.3.patch | 9 -- .../files/git-annex-6.20170101-crypto-api.patch | 8 - dev-vcs/git-annex/git-annex-6.20170818-r1.ebuild | 161 --------------------- dev-vcs/git-annex/metadata.xml | 2 - 6 files changed, 197 deletions(-) (In reply to Sam James from comment #4) > Thanks! Please cleanup when ready. You're welcome! Are we able to now mark this as resolved? Clean up was performed in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7af25e0ef157fc58c8d99541013f8bae68adddd (In reply to Jack Todaro from comment #6) > (In reply to Sam James from comment #4) > > Thanks! Please cleanup when ready. > You're welcome! Are we able to now mark this as resolved? Clean up was > performed in > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=a7af25e0ef157fc58c8d99541013f8bae68adddd Yep, all done! :) ~ package, so no glsa, closing. |