Summary: | <dev-python/python-gnupg-0.4.5: improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt() (CVE-2019-6690) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | conikost, python |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
dev-python/python-gnupg-0.4.5
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-05-13 15:47:24 UTC
Please bump to >=0.4.4. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4038ef34b9021911fa48641cb3a55edfd2c06bca commit 4038ef34b9021911fa48641cb3a55edfd2c06bca Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2019-12-17 18:33:41 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2019-12-17 18:37:28 +0000 dev-python/python-gnupg: bump to version 0.4.5 Dropped patches, since they got merged. Also added python3.8 support, as all tests locally passed. Bug: https://bugs.gentoo.org/685864 Package-Manager: Portage-2.3.81, Repoman-2.3.20 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> dev-python/python-gnupg/Manifest | 1 + dev-python/python-gnupg/python-gnupg-0.4.5.ebuild | 29 +++++++++++++++++++++++ 2 files changed, 30 insertions(+) amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96b5608ee3d86f4710dbca58e1c702bf18b90eaf commit 96b5608ee3d86f4710dbca58e1c702bf18b90eaf Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2019-12-20 19:40:39 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2019-12-20 19:42:54 +0000 dev-python/python-gnupg: drop old versions Bug: https://bugs.gentoo.org/685864 Package-Manager: Portage-2.3.81, Repoman-2.3.20 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> dev-python/python-gnupg/Manifest | 3 -- ...hon-gnupg-0.4.3-skip_network_needing_test.patch | 51 ---------------------- ...n-gnupg-0.4.3-use_seperate_keys_directory.patch | 50 --------------------- dev-python/python-gnupg/python-gnupg-0.4.0.ebuild | 27 ------------ dev-python/python-gnupg/python-gnupg-0.4.1.ebuild | 27 ------------ dev-python/python-gnupg/python-gnupg-0.4.3.ebuild | 31 ------------- 6 files changed, 189 deletions(-) GLSA Vote: No Repository is clean, all done! |