Summary: | net-nds/389-ds-base: Read permission check bypass via the deref plugin (CVE-2019-14824) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | proxy-maint, treecleaner |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://pagure.io/389-ds-base/issue/50716 | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=655176 https://github.com/gentoo/gentoo/pull/15907 |
||
Whiteboard: | ~4 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 731296 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
2019-12-02 22:17:00 UTC
Upstream patch: https://pagure.io/389-ds-base/c/ddbe3c8fe fb3d355..ddbe3c8 master -> master becdf20..86776bb 389-ds-base-1.4.1 -> 389-ds-base-1.4.1 959057c..fca2934 389-ds-base-1.4.0 -> 389-ds-base-1.4.0 428a8ff..b6ba778 389-ds-base-1.3.10 -> 389-ds-base-1.3.10 Since this package has no maintainers, and since it is not being updated. Please consider dropping the package. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66a48ca5d52d4699c4ef38209dfcad8ebdd149aa commit 66a48ca5d52d4699c4ef38209dfcad8ebdd149aa Author: Sam James (sam_c) <sam@cmpct.info> AuthorDate: 2020-06-04 18:24:47 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-06-04 19:14:36 +0000 net-nds/389-ds-base, dev-libs/389-adminutil: Last rites Bug: https://bugs.gentoo.org/655176 Bug: https://bugs.gentoo.org/701812 Signed-off-by: Sam James (sam_c) <sam@cmpct.info> Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> profiles/package.mask | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7414f8c33bb75cd9a4f6a61040886852fcf2afe1 commit 7414f8c33bb75cd9a4f6a61040886852fcf2afe1 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2020-07-13 04:52:07 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2020-07-13 04:52:31 +0000 dev-libs/svrcore: Remove last-rited pkg Bug: https://bugs.gentoo.org/655176 Bug: https://bugs.gentoo.org/701812 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-libs/svrcore/Manifest | 2 - dev-libs/svrcore/files/svrcore-4.0.4-gentoo.patch | 100 ---------------------- dev-libs/svrcore/files/svrcore-4.1-gentoo.patch | 100 ---------------------- dev-libs/svrcore/metadata.xml | 5 -- dev-libs/svrcore/svrcore-4.0.4-r1.ebuild | 40 --------- dev-libs/svrcore/svrcore-4.1.2.ebuild | 35 -------- profiles/package.mask | 6 -- 7 files changed, 288 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aef3f76fb5607ea9fcecd97c192a0ab06d224737 commit aef3f76fb5607ea9fcecd97c192a0ab06d224737 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2020-07-13 04:51:55 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2020-07-13 04:52:27 +0000 dev-libs/389-adminutil: Remove last-rited pkg Bug: https://bugs.gentoo.org/655176 Bug: https://bugs.gentoo.org/701812 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-libs/389-adminutil/389-adminutil-1.1.15.ebuild | 46 ---------------------- dev-libs/389-adminutil/Manifest | 1 - dev-libs/389-adminutil/metadata.xml | 5 --- profiles/package.mask | 2 - 4 files changed, 54 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb6602276b3003bcdafd619a28ac6f163f52fb30 commit eb6602276b3003bcdafd619a28ac6f163f52fb30 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2020-07-13 04:50:40 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2020-07-13 04:52:23 +0000 net-nds/389-ds-base: Remove last-rited pkg Bug: https://bugs.gentoo.org/655176 Bug: https://bugs.gentoo.org/701812 Signed-off-by: Michał Górny <mgorny@gentoo.org> net-nds/389-ds-base/389-ds-base-1.3.6.8-r1.ebuild | 126 ------- net-nds/389-ds-base/389-ds-base-9999.ebuild | 133 -------- net-nds/389-ds-base/Manifest | 1 - ...-base-1.3.6-backport-invalid-password-mig.patch | 376 --------------------- net-nds/389-ds-base/files/389-ds-snmp.initd | 44 --- net-nds/389-ds-base/files/389-ds.initd-r1 | 90 ----- net-nds/389-ds-base/metadata.xml | 23 -- 7 files changed, 793 deletions(-) noglsa, tree clean, closing. |