Summary: | <net-analyzer/nrpe-4.0.0: Multiple vulnerabilities (CVE-2020-{6581,6582}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | hydrapolic, mjo, sysadmin |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | net-analyzer/nrpe-4.0.0 |
Runtime testing required: | --- |
Description
Sam James
2020-03-16 19:06:35 UTC
v4.0.0 is the latest release on github, but those two advisories say that 4.0 should have the fix. Feel free to stabilize it. (I don't actually use NRPE, but I'm the only one who works on it in Gentoo.)

Let's hold stabilization. Sam pointed out that 4.0.2 has additional fixes. So we should bump first and go with 4.0.2 instead.

Forget previous comment, 4.0.1+ is not available on GitHub.

Using 4.0.0 in production, works fine.

amd64 stable

sparc stable

x86 stable

ppc stable

ppc64 stable

(In reply to Michael Orlitzky from comment #1)
> v4.0.0 is the latest release on github, but those two advisories say that
> 4.0 should have the fix. Feel free to stabilize it. (I don't actually use
> NRPE, but I'm the only one who works on it in Gentoo.)

Bit late now but the maintainer after a poke has released 4.0.2, so may be useful for somebody to bump it in the future.

Dropped to ~hppa, feel free to get rid of old versions.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6605f564beba67c715410948f4b770077153aaa7

commit 6605f564beba67c715410948f4b770077153aaa7
Author: Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2020-03-25 12:32:36 +0000
Commit: Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2020-03-25 12:32:36 +0000

    net-analyzer/nrpe: drop vulnerable 3.x versions.

    Bug: https://bugs.gentoo.org/712908
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 net-analyzer/nrpe/Manifest | 1 -
 net-analyzer/nrpe/nrpe-3.2.1-r1.ebuild | 89 --------------------------------
 net-analyzer/nrpe/nrpe-3.2.1-r3.ebuild | 93 ----------------------------------
 3 files changed, 183 deletions(-)

Tree is clean.

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.