Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 681016 (CVE-2019-9187)

Summary: <www-apps/ikiwiki-3.20170111: server-side request forgery resulting in DoS (CVE-2019-9187)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: alicef
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2019-03-20 13:39:30 UTC
From ${URL} :

The vulnerability was discovered in aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in 
information disclosure or denial of service.


Upstream commit:;a=commitdiff;h=e7b0d4a;a=commitdiff;h=67543ce;a=commitdiff;h=d283e4c;a=commitdiff;h=9a275b2

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-15 15:49:18 UTC
This has been fixed as 3.20170111 is the earliest in tree, which is patched.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2020-04-16 07:19:33 UTC
GLSA Vote: No
Thank you all for you work. 
Closing as [noglsa].