Summary: | <net-irc/weechat-2.7.1: Multiple vulnerabilities (CVE-2020-{9759,9760}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gyakovlev |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://weechat.org/doc/security/ | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=709452 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2020-03-23 16:53:38 UTC
Note that CVE-2020-8955 (bug 709452) was patched in 2.7-r2 but the others were not in that bug so did not receive a patch. @maintianer(s): please drop 2.7-r2 for cleanup and we're good. You can do a 2.7-r3 if you feel it is appropriate, but given 2.7.1 is already stable, it seems better to just drop the old one. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8329f73882c3a757b26db8253041cc8d3c1b005 commit c8329f73882c3a757b26db8253041cc8d3c1b005 Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2020-03-23 19:45:28 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2020-03-23 19:45:42 +0000 net-irc/weechat: drop old Bug: https://bugs.gentoo.org/714086 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> net-irc/weechat/Manifest | 1 - net-irc/weechat/files/2.7-CVE-2020-8955.patch | 46 -------- net-irc/weechat/weechat-2.7-r2.ebuild | 158 -------------------------- 3 files changed, 205 deletions(-) no need to keep pre 2.7.1 versions. 2.7-r2 dropped. please proceed. New GLSA request filed. This issue was resolved and addressed in GLSA 202003-51 at https://security.gentoo.org/glsa/202003-51 by GLSA coordinator Thomas Deutschmann (whissi). |