Summary: | <kde-apps/okular-19.12.3-r1: Local binary execution via action links (CVE-2020-9359) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Nils Freydank <holgersson>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | holgersson
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://mail.kde.org/pipermail/kde-announce/2020-March/000089.html | |
Whiteboard: | B2 [glsa+ cve] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 708822 | |
Bug Blocks: | | |
Attachments: | | |

Description
Nils Freydank
2020-03-14 14:03:57 UTC
Created attachment 618920
fix from upstream

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e4e6c9feea5ae0f22fc9c639f2bc25f68194fda

commit 6e4e6c9feea5ae0f22fc9c639f2bc25f68194fda
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-03-14 17:10:27 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-03-14 17:58:11 +0000

    kde-apps/okular: Drop vulnerable 19.12.3 (r0)

    Bug: https://bugs.gentoo.org/712490
    Package-Manager: Portage-2.3.93, Repoman-2.3.20
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 kde-apps/okular/okular-19.12.3.ebuild | 112 ----------------------------------
 1 file changed, 112 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=232f0fbcc272198ac01d69d2ed5e43ccb2050a95

commit 232f0fbcc272198ac01d69d2ed5e43ccb2050a95
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-03-14 17:09:34 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-03-14 17:58:11 +0000

    kde-apps/okular: Fix CVE-2020-9359

    Reported-by: Nils Freydank <holgersson@posteo.de>
    Bug: https://bugs.gentoo.org/712490
    Package-Manager: Portage-2.3.93, Repoman-2.3.20
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 .../files/okular-19.12.3-CVE-2020-9359.patch | 27 +++++
 kde-apps/okular/okular-19.12.3-r1.ebuild | 113 +++++++++++++++++++++
 2 files changed, 140 insertions(+)

Cleanup done in commit 305945367df9ecff66fd0389c1312df733028863.

(In reply to Andreas Sturmlechner from comment #3)
> Cleanup done in commit 305945367df9ecff66fd0389c1312df733028863.

Correction; not done for arm64.

Cleanup done for real this time. kde proj done here, anyway.

Tree is clean.

This issue was resolved and addressed in GLSA 202007-47 at https://security.gentoo.org/glsa/202007-47 by GLSA coordinator Sam James (sam_c).