Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 698224

Summary: dev-python/astropy: the bundled CFITSIO library before 3.430 has critical security vulnerability
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: minor CC: sci-astronomy
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/astropy/astropy/pull/7274
See Also: https://bugs.gentoo.org/show_bug.cgi?id=673944
Whiteboard: B3 [ebuild/stable?]
Package list:
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2019-10-21 18:34:32 UTC
Astropy is a community-driven package intended to contain much of the core functionality and some common tools needed for performing astronomy and astrophysics with Python.

Unclear vulnerabilities found in CFITSIO has prompted update advisories in the 3.X and 2.X releases of astropy. Please SEE $URL for details.
Comment 1 Thomas Deutschmann gentoo-dev Security 2019-10-26 15:10:30 UTC
Closing as invalid: Packages in Gentoo repository (1.2.1,1.3.3,2.0.1) do NOT contain cfitsio lib.