Summary: | <net-misc/dropbear-2020.80: Multiple vulnerabilities (CVE-2018-{0739,12437,20685}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | embedded |
Priority: | Normal | Keywords: | CC-ARCHES, PullRequest |
Version: | unspecified | Flags: | nattka:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/gentoo/gentoo/pull/15897 https://bugs.gentoo.org/show_bug.cgi?id=723844 https://github.com/gentoo/gentoo/pull/16440 https://bugs.gentoo.org/show_bug.cgi?id=732664 https://github.com/gentoo/gentoo/pull/16906 https://github.com/gentoo/gentoo/pull/18734 |
||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: |
net-misc/dropbear-2020.80
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 723846, 728412 |
Description
Sam James
2020-05-18 21:34:06 UTC
We can either update the bundled version or just package it in tree finally. From 2020.79 release notes: "scp fix for CVE-2018-20685 where a server could modify name of output files" Note that 2020.79 bumps the bundled versions, so we can do that for now. x86 stable arm64 stable sparc stable ppc stable amd64 stable arm stable ppc64 stable s390 stable hppa: ping GLSA vote: yes This issue was resolved and addressed in GLSA 202007-53 at https://security.gentoo.org/glsa/202007-53 by GLSA coordinator Sam James (sam_c). Reopening for hppa. hppa stable Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77996c702667b32eec00164b9e2eca0c69a2ba27 commit 77996c702667b32eec00164b9e2eca0c69a2ba27 Author: Sam James <sam@gentoo.org> AuthorDate: 2020-07-29 19:47:56 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-29 23:11:44 +0000 net-misc/dropbear: security cleanup Bug: https://bugs.gentoo.org/723848 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org> net-misc/dropbear/Manifest | 1 - net-misc/dropbear/dropbear-2019.78.ebuild | 107 ------------------------------ net-misc/dropbear/dropbear-2020.80.ebuild | 105 ----------------------------- 3 files changed, 213 deletions(-) |