Summary: | <net-vpn/tor-{0.4.1.9,0.4.2.7}: Multiple vulnerabilities (CVE-2020-{10592,10593) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | blueness |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.torproject.org/pipermail/tor-packagers/2020-March/000090.html | ||
See Also: | https://github.com/gentoo/gentoo/pull/15004 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: |
=net-vpn/tor-0.4.2.7
|
Runtime testing required: | --- |
Description
Sam James
2020-03-18 16:22:17 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13955a3f9dd43e0146b3abf1533dab545f1754e3 commit 13955a3f9dd43e0146b3abf1533dab545f1754e3 Author: Sam James (sam_c) <sam@cmpct.info> AuthorDate: 2020-03-18 16:50:23 +0000 Commit: Anthony G. Basile <blueness@gentoo.org> CommitDate: 2020-03-18 16:54:30 +0000 net-vpn/tor: Security bump Bug: https://bugs.gentoo.org/713238 Signed-off-by: Sam James (sam_c) <sam@cmpct.info> Signed-off-by: Anthony G. Basile <blueness@gentoo.org> net-vpn/tor/Manifest | 3 ++ net-vpn/tor/tor-0.4.1.9.ebuild | 88 ++++++++++++++++++++++++++++++++++ net-vpn/tor/tor-0.4.2.7.ebuild | 90 +++++++++++++++++++++++++++++++++++ net-vpn/tor/tor-0.4.3.3_alpha.ebuild | 92 ++++++++++++++++++++++++++++++++++++ 4 files changed, 273 insertions(+) @maintainer(s): Thanks for being so quick (jinx)! Please advise if you are ready for stabilization or call for stabilization yourself. (In reply to sam_c (Security Padawan) from comment #2) > @maintainer(s): Thanks for being so quick (jinx)! > > Please advise if you are ready for stabilization or call for stabilization > yourself. Its ready for stabilization: =net-vpn/tor-0.4.1.9 =net-vpn/tor-0.4.2.7 KEYWORDS="amd64 arm arm64 ppc ppc64 x86" amd64 stable x86 stable ppc stable ppc64 stable arm stable New GLSA request filed. This issue was resolved and addressed in GLSA 202003-50 at https://security.gentoo.org/glsa/202003-50 by GLSA coordinator Thomas Deutschmann (whissi). Re-opening for remaining architectures. arm64 stable @maintainer(s), please cleanup. Resetting sanity check; keywords are not fully specified and arches are not CC-ed. (In reply to Sam James (sam_c) (security padawan) from comment #13) > @maintainer(s), please cleanup. done Unable to check for sanity:
> no match for package: =net-vpn/tor-0.4.1.9
(In reply to NATTkA from comment #16) > Unable to check for sanity: > > > no match for package: =net-vpn/tor-0.4.1.9 Actually, its time to move past 0.4.1 branch, so I removed it. Resetting sanity check; keywords are not fully specified and arches are not CC-ed. (In reply to Anthony Basile from comment #17) > (In reply to NATTkA from comment #16) > > Unable to check for sanity: > > > > > no match for package: =net-vpn/tor-0.4.1.9 > > Actually, its time to move past 0.4.1 branch, so I removed it. Brilliant, thanks! |