| Summary: | <dev-java/gradle-bin-6.3: Multiple vulnerabilities (CVE-2019-{11065,15052}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | chainsaw, dan, flow, java |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1698508 | | |
| Whiteboard: | ~3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 633546 | | |
| Bug Blocks: | 711190 | | |

Description
Agostino Sarubbo
CVE-2019-15052 (https://nvd.nist.gov/vuln/detail/CVE-2019-15052):

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0c814e2c0e7b8761f63a974ffda468d6652fa6b

```
commit b0c814e2c0e7b8761f63a974ffda468d6652fa6b
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2020-04-30 23:37:02 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2020-04-30 23:38:21 +0000

    dev-java/gradle-bin: Bump to version 6.3 and EAPI 7

    Examples are no longer included but there is more documentation.

    Closes: https://bugs.gentoo.org/633546
    Bug: https://bugs.gentoo.org/683032
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 dev-java/gradle-bin/Manifest              |  1 +
 dev-java/gradle-bin/gradle-bin-6.3.ebuild | 49 +++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
```

Thanks Chewi!

@maintainer(s), please cleanup.

@maintainer(s), ping, please cleanup

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20e4fe5ab78b490e6f47f01a9273178945565920

```
commit 20e4fe5ab78b490e6f47f01a9273178945565920
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-17 21:28:27 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-17 23:59:56 +0000

    dev-java/gradle-bin: security cleanup

    Bug: https://bugs.gentoo.org/683032
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-java/gradle-bin/Manifest                |  3 --
 dev-java/gradle-bin/gradle-bin-3.3.ebuild   | 51 --------------------------
 dev-java/gradle-bin/gradle-bin-3.4.1.ebuild | 51 --------------------------
 dev-java/gradle-bin/gradle-bin-5.2.1.ebuild | 56 -----------------------------
 4 files changed, 161 deletions(-)
```

Tree is clean. Closing.
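
The redirect behaviour described for CVE-2019-15052 above, as an added example that is not part of the original bug report and is not Gradle's code or its actual fix. It is a small Python model of a redirect-following client that compares forwarding the `Authorization` header on every hop with dropping it once the chain leaves the configured origin; the host names, the `CHAIN` map, `CREDS` and the function names `origin` and `follow` are all constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
DEFAULT_PORTS = {"http": 80, "https": 443}
CREDS = "Basic <constructed-placeholder>"  # constructed value, not a real secret

# Constructed redirect chain standing in for real servers:
# the configured repository host bounces the request to a second host.
CHAIN = {
    "https://repo.example.com/libs/a.jar": (302, "/mirror/a.jar"),
    "https://repo.example.com/mirror/a.jar": (302, "https://cdn.example.net/a.jar"),
    "https://cdn.example.net/a.jar": (200, None),
}


def origin(url):
    """Return (scheme, host, port), lower-cased and with default ports filled in."""
    parts = urlsplit(url)
    return (parts.scheme, (parts.hostname or "").lower(),
            parts.port or DEFAULT_PORTS.get(parts.scheme))


def follow(start_url, responses, credentials, strip_on_cross_origin, max_hops=5):
    """Walk a redirect chain and return [(url, authorization_sent)] per request."""
    requests_made = []
    url, auth = start_url, credentials
    for _ in range(max_hops + 1):
        requests_made.append((url, auth is not None))
        status, location = responses.get(url, (200, None))
        if status not in REDIRECT_CODES or not location:
            return requests_made
        next_url = urljoin(url, location)
        # Hardened policy: drop the header once the chain leaves the configured
        # origin (host, port or scheme change) and never re-attach it afterwards.
        if strip_on_cross_origin and origin(next_url) != origin(start_url):
            auth = None
        url = next_url
    raise RuntimeError("redirect limit exceeded")


if __name__ == "__main__":
    start = "https://repo.example.com/libs/a.jar"
    for label, strip in (("forward everywhere", False), ("strip cross-origin", True)):
        print(label)
        for url, sent in follow(start, CHAIN, CREDS, strip):
            print(f"  {url}  Authorization sent: {sent}")
```

Because the origin comparison includes the scheme, an `https` to `http` downgrade on the same host is treated as leaving the origin as well.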