Summary: | <sys-apps/yarn-1.22.0: arbitrary filesystem write vulnerability in src/fetchers/tarball-fetcher.js (CVE-2020-8131) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | proxy-maint, saboya, zmedico |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://hackerone.com/reports/730239 | ||
Whiteboard: | ~2 [noglsa cve] | ||
Package list: | | Runtime testing required: | --- |
Description
Sam James
2020-03-01 01:49:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1167b651c1845379e649d8b0dac2fb4e7aa2fced

commit 1167b651c1845379e649d8b0dac2fb4e7aa2fced
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-03-01 02:40:37 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-03-01 02:41:02 +0000

sys-apps/yarn: remove vulnerable versions bug 711132

Bug: https://bugs.gentoo.org/711132
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Zac Medico <zmedico@gentoo.org>

sys-apps/yarn/Manifest | 2 --
sys-apps/yarn/yarn-1.19.2.ebuild | 39 ---------------------------------------
sys-apps/yarn/yarn-1.21.1.ebuild | 40 ----------------------------------------
3 files changed, 81 deletions(-)

Package has no stable ebuild. Repository is clean, all done.